Commit
Security: Block <img ... /> tags when sanitizing
A whole class of CSRF attacks uses the img tag:

    <img src="/admin/account/action_that_allows_get" />

This will invoke action_that_allows_get using a GET request and first-party cookies. There are some examples on Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery

Note that really solid enforcement of the "use GET only for queries" rule will also prevent this kind of attack. Also note that if you allow third-party cookies, this patch doesn't help you at all--any other site on the Internet could trigger this attack.
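The following is an added illustration of the sanitizing approach the commit describes; it is not the project's own sanitizer. It is a minimal allow-list HTML sanitizer in the Python standard library that drops `<img>` (and any other tag not on its list) from untrusted HTML, so a stored fragment cannot make a viewer's browser issue a cookie-bearing GET to a first-party endpoint. The tag and attribute allow-lists, the `safe_href` policy and the sample input are assumptions chosen for the demonstration.

```python
# Added example, not the project's own sanitizer: a small allow-list HTML
# sanitizer that drops <img> elements (and any other tag not on the list) so
# that user-supplied HTML cannot make the browser issue a cookie-bearing GET.
# Standard library only; the tag and attribute lists are demo assumptions.
from html import escape
from html.parser import HTMLParser

# <img> is deliberately absent: the browser fetches its src with a GET that
# carries first-party cookies, which is the CSRF vector in the commit message.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "ul", "ol", "li",
                "br", "code", "pre"}
ALLOWED_ATTRS = {"a": {"href"}}   # only <a href> survives; all else dropped
VOID_TAGS = {"br"}                # allowed tags that take no closing tag


def safe_href(value):
    """Accept http(s) URLs and same-origin paths; reject javascript: etc."""
    v = value.strip().lower()
    if v.startswith(("http://", "https://")):
        return True
    # a bare "/path" is same-origin; "//host/path" is protocol-relative, so reject it
    return v.startswith("/") and not v.startswith("//")


class AllowListSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []   # names of tags removed, useful for logging / detection

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.dropped.append(tag)
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue
            if name == "href" and not safe_href(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        # <img ... /> arrives here; treat it as a start tag plus, for
        # non-void tags, a matching end tag so output stays balanced
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))   # text is re-escaped, never echoed raw


def sanitize(html):
    """Return (clean_html, dropped_tags) for a fragment of untrusted HTML."""
    p = AllowListSanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out), p.dropped


if __name__ == "__main__":
    # Constructed sample mirroring the commit message's example.
    sample = '<p>Hi <img src="/admin/account/action_that_allows_get" /></p>'
    clean, dropped = sanitize(sample)
    print(clean)    # <p>Hi </p>
    print(dropped)  # ['img']
```

The `dropped` list is returned on purpose: a sanitizer that silently removes `<img>` hides the signal, whereas logging which tags were stripped from which submission gives you a cheap detection hook for someone probing the GET-only rule. As the commit message notes, this only narrows the first-party vector; it does nothing about third-party sites embedding the same image, which is where GET-only-for-queries and CSRF tokens on state-changing actions do the real work.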