Revision as of 19:37, 15 August 2025 edit 208.114.63.4 (talk) →Contextual output encoding/escaping of string input: Fix broken section link ← Previous edit		Latest revision as of 20:03, 15 August 2025 edit undo Frap (talk \| contribs) Extended confirmed users, File movers, Pending changes reviewers, Rollbackers 35,596 edits m →Notable Incidents
Line 131: When a cookie is set with the <code>SameSite=Strict</code> parameter, it is stripped from all cross-origin requests. When set with <code>SameSite=Lax</code>, it is stripped from all non-"safe" cross-origin requests (that is, requests other than GET, OPTIONS, and TRACE which have read-only semantics).<ref>{{Cite journal\|url=https://tools.ietf.org/html/draft-west-first-party-cookies-07\|title=Same-site Cookies\|last1=Mark\|first1=Goodwin\|last2=Mike\|first2=West\|website=tools.ietf.org\|date=April 6, 2016 \|language=en\|access-date=2018-05-04}}</ref> The feature is implemented in [[Google Chrome]] since version 63 and [[Firefox]] since version 60.<ref>{{Cite web\|url=https://caniuse.com/#feat=same-site-cookie-attribute\|title=Can I use... Support tables for HTML5, CSS3, etc\|website=caniuse.com\|language=en-US\|access-date=2018-05-04}}</ref> == Notable ~~Incidents~~incidents == * [[British Airways data breach]] (2018)

Cross-site scripting: Difference between revisions