The problem usually raised first with XSS (cross-site scripting) is that the value of a cookie can be read with JavaScript. A cookie for which that is not possible is called an "HTTP-only cookie", and it can now be set with this option:

    options = { "name" => "quality", "value" => "owesome", "http_only" => true }
    cookie = CGI::Cookie.new(options)

If you want to know what an HTTP-only cookie is, T.Terada's diary and "Mitigating Cross-site Scripting With HTTP-only Cookies" are recommended.
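As an added example (not code from the page or from Ruby's own cgi library), the following assembles a Set-Cookie header with the HttpOnly attribute by hand, parses such a header back, and reports which protective attributes a session cookie is missing. The option name http_only mirrors the option shown above; the parsing and audit helpers are assumptions for this example, and the sample headers are constructed.

```ruby
# Added example: hand-built Set-Cookie header with HttpOnly, plus an audit
# helper that reports which attributes a session cookie is missing.
# Not the page's code and not CGI::Cookie's implementation; standard library only.
require "uri"
require "time"

# Build a Set-Cookie header value. "http_only" mirrors the option shown on the
# page; the header text itself is assembled here rather than by CGI::Cookie.
def set_cookie_header(name, value, path: "/", http_only: true, secure: true, expires: nil)
  parts = ["#{URI.encode_www_form_component(name)}=#{URI.encode_www_form_component(value)}",
           "path=#{path}"]
  parts << "expires=#{expires.httpdate}" if expires
  parts << "secure" if secure
  parts << "HttpOnly" if http_only
  parts.join("; ")
end

# Parse a Set-Cookie header value into [name, value, attributes].
# Attribute names are lower-cased so the check is case-insensitive, as the
# HttpOnly / Secure attributes are in practice.
def parse_set_cookie(header)
  pair, *attrs = header.split(/;\s*/)
  name, value = pair.split("=", 2)
  attributes = attrs.each_with_object({}) do |attr, h|
    k, v = attr.split("=", 2)
    h[k.downcase] = v.nil? ? true : v
  end
  [name, value, attributes]
end

# Return the attributes a cookie carrying a session identifier should have
# but does not: HttpOnly (keeps it away from document.cookie) and Secure
# (keeps it off plaintext HTTP).
def missing_session_flags(header)
  _, _, attrs = parse_set_cookie(header)
  missing = []
  missing << "HttpOnly" unless attrs["httponly"]
  missing << "Secure" unless attrs["secure"]
  missing
end

if __FILE__ == $0
  good = set_cookie_header("quality", "owesome")
  puts good
  puts "missing: #{missing_session_flags(good).inspect}"
  bad = "quality=owesome; path=/" # constructed header without the flags
  puts "missing: #{missing_session_flags(bad).inspect}"
end
```

Running the file prints the generated header and an empty list for it, then the two missing attributes for the constructed header that lacks them; the same audit can be applied to Set-Cookie headers captured from a real application's responses.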