As of just now, I've switched the cookies that the Perlmonks domains set to have the HTTPOnly attribute. This means that the most trivial XSS attack won't be able to steal cookies from here, as the browser will not make the cookie available to Javascript code.

This should be testable locally by pasting the following text into your browser Javascript console while on a Perlmonks domain: 

    javascript:alert(document.cookies);

[download]

If the userpass cookie still shows up there, you might need to log out and log in again.

I believe this will have no ill side-effects.

If you have a genuine use-case for giving Javascript access to the site cookie, please speak up so we can discuss a work-around.

In reply to Cookies switched to HTTPOnly Cookies by Co-Rion

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.