Simplify the structure of the introduction (#80)
* Simplify the structure of the introduction

I'm taking a stab at a small reorganization of the introduction to try and make it flow a little better. This PR aims to leave the original meaning intact, while also tightening some of the prose and removing things that don't seem critical in the introduction.

Specifically, it:

- Removes the mention of CSRF in the overview. Since we're discussing a different class of vulnerabilities, and CSRF is not a canonical example of an XS-leak (and may not be immediately known to all readers), I think we could omit it without loss of understandability.
- Moves some of the explanation of how an XS-leak works from the "Principle" section into the "Overview". I think the "Principle" section reads nicely when it focuses on introducing the notion of an oracle and the questions that leak data. The more general information, such as what kind of information can be learned via an XS-leak, seems to fit in well in the "Overview".
- (Less importantly) It changes the capitalization of some terms to lowercase. E.g. "same-origin policy" is commonly lowercased, except when it's in a heading. I've also lowercased it as "cross-site leaks" in the first sentence, because I think it's _slightly_ more common to lowercase XSS and CSRF when expanding the acronyms (this is what Wikipedia and PortSwigger do; OWASP title-cases them, but I think they're in the minority.)

This is just an idea -- if you feel like some pieces of this PR are useful while others aren't, let me know and I can revert the bad ones.

* Add mention of XS-leak principles in text, change section heading

* Add the CSRF reference back

Co-authored-by: terjanq <terjanq@users.noreply.github.com>

* Add the CSRF reference in the footer.

* Update content/_index.md

Co-authored-by: terjanq <terjanq@users.noreply.github.com>