brb when I posted my answer, I've been logged out... Anyway, it was worded wrongly: I need to stop mechanize from executing the image src attribute. It is a web application vulnerability called CSRF, where if you have a web page: www.guestbook.com/index.php?logout=true, and someone posts on that guestbook <img src="www.guestbook.com/index.php?logout=true">, anyone who views that page will be logged out, and that is what I need to somehow prevent.
What makes you think that WWW::Mechanize implicitly follows the src= attributes of <img> tags? It doesn't even have a way to display images. Have you looked at the traffic that goes over the network?
Maybe you can explain to us what problem you actually are trying to solve. This sounds very much like an XY Problem to me.
and someone posts on that guestbook <img src="www.guestbook.com/index.php?logout=true"> anyone who views that page will be logged out, and that is what I need to somehow prevent
Just a side note: if this is your web application, you can
prevent this from happening, for example by using a kind of
token. I do this in one of my webapps by adding a token
to every link/form that changes something on the server.
See Is your web application really secure? ("CSRF"). You can reduce the risk a little bit by
checking if a request was called with the method POST.
If this is not your webapp then you'd have to contact the author =) Neither Firefox nor Opera can fully protect
you from CSRF at the moment; they both do different things
to try.
But I also wonder why mechanize would load images.
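The token approach and the POST check described in the reply above, sketched as an added example (not code from any poster in this thread). The secret, session id, and the `csrf_token`, `tokens_equal` and `allow_request` helpers are hypothetical names chosen for illustration; only `Digest::SHA` is a real module.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side secret that is never sent to the browser (constructed value).
my $SECRET = 'constructed-demo-secret';

# The token is bound to the visitor's session and to the action it authorizes,
# so a token cannot be guessed or reused for another user.
sub csrf_token {
    my ($session_id, $action) = @_;
    return hmac_sha256_hex("$session_id|$action", $SECRET);
}

# Comparison that does not stop at the first differing character.
sub tokens_equal {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# A state-changing request runs only if it is a POST carrying a valid token.
sub allow_request {
    my (%req) = @_;    # keys: method, session_id, action, token
    return 0 unless $req{method} eq 'POST';
    return tokens_equal($req{token}, csrf_token($req{session_id}, $req{action}));
}

# Constructed requests for the guestbook logout discussed in the thread.
my $sid = 'sess-1234';    # constructed session id
my @requests = (
    # What a browser sends when it renders the posted <img> tag: a GET, no token.
    { name => 'img tag (GET)',      method => 'GET',  token => undef },
    # A cross-site form can POST, but cannot read the token from the real page.
    { name => 'POST without token', method => 'POST', token => '' },
    # The application's own form, which embeds the token as a hidden field.
    { name => 'own form (POST)',    method => 'POST', token => csrf_token($sid, 'logout') },
);

for my $r (@requests) {
    my $ok = allow_request(%$r, session_id => $sid, action => 'logout');
    printf "%-20s %s\n", $r->{name}, $ok ? 'allowed' : 'rejected';
}
```

Only the last request is allowed; the POST check alone would have let the second one through, which is why the reply calls it a partial measure.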