WordPress should implement HttpOnly Cookies to slow down XSS
| Reported by: | _ck_ | Owned by: | anonymous |
| Severity: | major | Keywords: | cookies dev-reviewed close-2.7 |
While it's far from perfect and there are complex ways around it, HttpOnly Cookies are supported now by all major browsers and will prevent many kinds of XSS attacks.
I need to do more research but it should be fairly easy to implement. I'll suggest this for bbPress and BackPress too.
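HttpOnly is an attribute on the `Set-Cookie` response header that tells the browser to keep the cookie out of script access such as `document.cookie`. The following is an added example, not part of the ticket or of WordPress code: a check that lists which cookies in a set of response headers lack the attribute. The cookie names, values and header lines are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# All cookie names and values below are constructed, not from a real site.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs).

    attrs maps lower-cased attribute names to their value ('' for flags),
    because attribute names such as HttpOnly are case-insensitive.
    """
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is always name=value; it is never an attribute,
    # so a cookie whose *value* is "httponly" is not mistaken for the flag.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def missing_httponly(raw_headers):
    """Return the names of cookies set without HttpOnly, in header order."""
    flagged = []
    for line in raw_headers:
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        name, _value, attrs = parse_set_cookie(value)
        if "httponly" not in attrs:
            flagged.append(name)
    return flagged


# Constructed response headers.
SAMPLE_HEADERS = [
    "Content-Type: text/html; charset=UTF-8",
    "Set-Cookie: auth_session=abc123%7C1700000000; path=/; HttpOnly",
    "Set-Cookie: auth_legacy=abc123; path=/",
    "set-cookie: ui_theme=dark; Path=/; httponly",
    "Set-Cookie: tracking=xyz; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure",
    "Set-Cookie: note=httponly; path=/",
]

if __name__ == "__main__":
    for cookie in missing_httponly(SAMPLE_HEADERS):
        print("readable by page scripts:", cookie)
```

A plain substring search for "httponly" would wrongly pass the `note` cookie, whose value merely contains the word; parsing attributes separately from the name=value pair avoids that.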
Change History (21)
- Component changed from General to Security
- Severity changed from normal to major