Please sign in to comment.
Verify form submissions for text/plain posts too.
Some browsers can POST requests with text/plain encoding, allowing attackers to potentially subvert the request forgery prevention. http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
- Loading branch information...
Showing with 1 addition and 1 deletion.