in reply to Problem Linking Within Perl Monks
I'm sure I'm not the first to think of this and I think I even fell for it on someone else's home node long ago. And this was fixed a while ago, because if you can send a message (to a user or the chatterbox) just by a simple GET request, this is open to CSRF. Actually, before this was fixed you were able to put an image tag in your home node and its source was a link to sending a message, so it would have been automatically called when you visited the home node.
So it's good that this doesn't work anymore (although it's still not fully CSRF protected).
Update: The prefilled form requires editing the text field only (not the recipient, like I first thought when looking at the HTML source), and this is probably meant as a protection, so that people really look at the prefilled text before sending it.
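
An added example, not part of the original post and not PerlMonks code: a server-side check that refuses the kind of request described above, where an image tag's GET sent a message on the visitor's behalf. The action name, parameter names and session ids are hypothetical, and Python stands in for the site's own language.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret kept server-side only.
SERVER_KEY = secrets.token_bytes(32)

STATE_CHANGING = {"send_message"}  # hypothetical action name


def issue_token(session_id: str, action: str) -> str:
    """Token bound to one session and one action, embedded in the real form."""
    msg = f"{session_id}:{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def authorize(method: str, action: str, session_id: str, params: dict) -> tuple[bool, str]:
    """Decide whether a request may perform `action` for the logged-in session."""
    if action not in STATE_CHANGING:
        return True, "read-only"
    # An <img src=...> or a followed link can only issue GET, so a GET must
    # never send a message, even though the browser attaches the session cookie.
    if method.upper() != "POST":
        return False, "state change requires POST"
    # A cross-site auto-submitted form can POST, but cannot read the token.
    supplied = params.get("csrf_token", "")
    expected = issue_token(session_id, action)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or invalid token"
    return True, "ok"


# Constructed sample requests, all carrying the victim's session "sess-A".
def demo() -> list[tuple[bool, str]]:
    body = {"sendto": "someone", "message": "hi"}
    forged_img = authorize("GET", "send_message", "sess-A", body)
    forged_post = authorize("POST", "send_message", "sess-A", body)
    stolen = dict(body, csrf_token=issue_token("sess-B", "send_message"))
    other_session = authorize("POST", "send_message", "sess-A", stolen)
    genuine = dict(body, csrf_token=issue_token("sess-A", "send_message"))
    real_form = authorize("POST", "send_message", "sess-A", genuine)
    return [forged_img, forged_post, other_session, real_form]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```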
Replies are listed 'Best First'.
Re^2: Problem Linking Within Perl Monks
by koolgirl (Hermit) on Jul 31, 2011 at 01:29 UTC
by planetscape (Chancellor) on Jul 31, 2011 at 13:42 UTC
In Section
Perl Monks Discussion