Skip to content

Switch off adding anti_xss parameter «x» for certain forms. #1112

Closed
macik opened this Issue Dec 18, 2012 · 0 comments

2 participants

@macik
Cotonti member
macik commented Dec 18, 2012

Now it automatically adds to all post-forms on page, so when we have form to interact with foreign services we have some disadvantages:

  • «x» param can duplicates with form native param required by service
  • we send out «x» to outside own site thats not secure

I think we can track it on client side and switch it off (delete) if form requires it.

@macik macik was assigned Dec 24, 2012
@trustmaster trustmaster added the medium label Sep 20, 2014
@macik macik modified the milestone: Siena 0.9.19, Siena 1.0.0 Nov 17, 2015
@macik macik added a commit that closed this issue Nov 17, 2015
@macik macik Fix #1112: Switch off «anti_xss» for outside post forms
Now we can add `xp-off` class to POST form to switch off adding anti XSS
`x` parameter (added by default).
7c9cfe0
@macik macik closed this in 7c9cfe0 Nov 17, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.