| |||||||||||||
Cross-site request forgeryCross-site request forgeryPosted Oct 26, 2007 15:12 UTC (Fri) by anton (guest, #25547)In reply to: Cross-site request forgery by elanthis Parent article: Cross-site request forgery
[...] it is still very trivial for a site to include a hidden form with automatic submission thanks to JavaScript.Not a problem for me, because I have disabled Javascript. Maybe just like some web designers show their lack of competence with messages like "Turn on JavaScript", other webmasters could show their security competence by welcoming users that have JavaScript enabled with "Turn off Javascript".
(Log in to post comments)
|
|||||||||||||