Removed gender specific words [ci skip] #13155
@@ -796,9 +796,9 @@ The next problem was MySpace filtering the word “javascript”, so the author | |||
<div id="mycode" expr="alert('hah!')" style="background:url('java↵ script:eval(document.all.mycode.expr)')"> | |||
``` | |||
|
|||
Another problem for the worm's author were CSRF security tokens. Without them he couldn't send a friend request over POST. He got around it by sending a GET to the page right before adding a user and parsing the result for the CSRF token. |
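Review bot: the last line of this hunk reads "Another problem for the worm's author were CSRF security tokens"; the subject is the singular "problem", so "were" should be "was". If the pronouns on this line are being changed, the verb is worth fixing in the same edit.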
The `he` over here refers to Samy, so it's correct.
Thanks for pointing it out. Corrected both.
This needs a rebase
I squashed both commits using amend option. Am I doing something wrong?
@Amit-Thawait You need to rebase against rails-master.
```
git checkout master
git pull upstream master
git checkout your-branch
git rebase master
```
where upstream points to remote rails
It's 'already up to date'. What should I do? :-(
* The attacker creates a valid session id: He loads the login page of the web application where he wants to fix the session, and takes the session id in the cookie from the response (see number 1 and 2 in the image). | ||
* He possibly maintains the session. Expiring sessions, for example every 20 minutes, greatly reduces the time-frame for attack. Therefore he accesses the web application from time to time in order to keep the session alive. | ||
* The attacker creates a valid session id: They load the login page of the web application where they want to fix the session, and takes the session id in the cookie from the response (see number 1 and 2 in the image). | ||
* They possibly maintains the session. Expiring sessions, for example every 20 minutes, greatly reduces the time-frame for attack. Therefore they access the web application from time to time in order to keep the session alive. |
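Review bot: verb agreement is broken in both rewritten bullets. In the first, "They load the login page ... and takes the session id" should use "take" to match "They load". In the second, "They possibly maintains the session" should be "They possibly maintain the session". The rest of each bullet already agrees with the plural pronoun ("they want", "they access").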
`They possibly maintain`.
Yup .. will correct it to.
Just a minor comment, and it cannot be merged, you may need to try another rebase. Thanks.
Should I close this PR and open another one?
You shouldn't need to. Rebasing against master and force-pushing in your branch should allow a merge.
Still not possible to merge, also please squash your commits into one. Thanks.
I was able to rebase properly, but while trying to update the PR, a new PR got created. Really sorry for this extra noise.
Removed he/him and replaced it with they/them