#1638033: add support for httponly on Cookie.Morsel

Reviewer: Benjamin
This commit is contained in:
Benjamin Peterson 2008-09-06 19:28:11 +00:00
parent 810f807b1b
commit 6ac7d7c80b
4 changed files with 18 additions and 1 deletions

View File

@ -148,7 +148,7 @@ Morsel Objects
--------------
.. class:: Morsel()
.. class:: Morsel
Abstract a key/value pair, which has some :rfc:`2109` attributes.
@ -162,9 +162,17 @@ Morsel Objects
* ``max-age``
* ``secure``
* ``version``
* ``httponly``
The attribute :attr:`httponly` specifies that the cookie is only transfered
in HTTP requests, and is not accessible through JavaScript. This is intended
to mitigate some forms of cross-site scripting.
The keys are case-insensitive.
.. versionadded:: 2.6
The :attr:`httponly` attribute was added.
.. attribute:: Morsel.value

View File

@ -408,6 +408,9 @@ class Morsel(dict):
# For historical reasons, these attributes are also reserved:
# expires
#
# This is an extension from Microsoft:
# httponly
#
# This dictionary provides a mapping from the lowercase
# variant on the left to the appropriate traditional
# formatting on the right.
@ -417,6 +420,7 @@ class Morsel(dict):
"domain" : "Domain",
"max-age" : "Max-Age",
"secure" : "secure",
"httponly" : "httponly",
"version" : "Version",
}
@ -499,6 +503,8 @@ class Morsel(dict):
RA("%s=%d" % (self._reserved[K], V))
elif K == "secure":
RA(str(self._reserved[K]))
elif K == "httponly":
RA(str(self._reserved[K]))
else:
RA("%s=%s" % (self._reserved[K], V))

View File

@ -122,6 +122,7 @@ Nicolas Chauvat
Michael Chermside
Albert Chin-A-Young
Adal Chiriliuc
Matt Chisholm
Tom Christiansen
Vadim Chugunov
David Cinege

View File

@ -56,6 +56,8 @@ C-API
Library
-------
- Issue #1638033: Cookie.Morsel gained the httponly attribute.
- Issue #3535: zipfile couldn't read some zip files larger than 2GB.
- Issue #3776: Deprecate the bsddb package for removal in 3.0.