Removed gender specific words [ci skip] #13155
Conversation
| @@ -796,9 +796,9 @@ The next problem was MySpace filtering the word “javascript”, so the author | |||
| <div id="mycode" expr="alert('hah!')" style="background:url('java↵ script:eval(document.all.mycode.expr)')"> | |||
| ``` | |||
|
|
|||
| Another problem for the worm's author were CSRF security tokens. Without them he couldn't send a friend request over POST. He got around it by sending a GET to the page right before adding a user and parsing the result for the CSRF token. | |||
There was a problem hiding this comment.
The he over here refers to Samy, so its correct.
There was a problem hiding this comment.
Thanks for pointing it out. Corrected both.
|
This needs a rebase |
|
I squashed both commits using amend option. Am I doing something wrong ? |
|
@Amit-Thawait You need to rebase against rails-master. git checkout master
git pull upstream master
git checkout your-branch
git rebase masterwhere upstream points to remote rails |
|
It's 'already up to date'. What should I do ? :-( |
| * The attacker creates a valid session id: He loads the login page of the web application where he wants to fix the session, and takes the session id in the cookie from the response (see number 1 and 2 in the image). | ||
| * He possibly maintains the session. Expiring sessions, for example every 20 minutes, greatly reduces the time-frame for attack. Therefore he accesses the web application from time to time in order to keep the session alive. | ||
| * The attacker creates a valid session id: They load the login page of the web application where they want to fix the session, and takes the session id in the cookie from the response (see number 1 and 2 in the image). | ||
| * They possibly maintains the session. Expiring sessions, for example every 20 minutes, greatly reduces the time-frame for attack. Therefore they access the web application from time to time in order to keep the session alive. |
There was a problem hiding this comment.
They possibly maintain.
There was a problem hiding this comment.
Yup .. will correct it to.
|
Just a minor comment, and it cannot be merged, you may need to try another rebase. Thanks. |
|
Should I close this PR and open another one ? |
|
You shouldn't need to. Rebasing against master and force-pushing in your branche should allow a merge. |
|
Still not possible to merge, also please squash your commits into one. Thanks. |
|
I was able to rebase properly, but while trying to update the PR, a new PR got created. Really sorry for this extra noise. |
Removed he/him and replaced it with they/them