dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Moved remotely

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@15 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
2006-09-30 13:41:26 +00:00
parent 0465a6d6aa
commit 98949c00d8
155 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
webgoat/main/project/WebContent/lesson_plans/HttpOnly.html Normal file
View File

@ -0,0 +1,9 @@
<div align="Center">
<p><b>Lesson Plan Title:</b> HttpOnly Test</p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
To help mitigate the cross site scripting threat, Microsoft has introduced a new cookie attribute entitled 'HttpOnly.' If this flag is set, then the browser should not allow client-side script to access the cookie. Since the attribute is relatively new, several browsers neglect to handle the new attribute properly.
<p><b>General Goal(s):</b> </p>
The purpose of this lesson is to test whether your browser supports the HTTPOnly cookie flag. Note the value of the unique2u cookie. If your browser supports HTTPOnly, and you enable it for a cookie, client side code should NOT be able to read OR write to that cookie, but the browser can still send its value to the server. Some browsers only prevent client side read access, but don't prevent write access.
<!-- Stop Instructions -->