2013 Nov 28
74
Remove :js responder
https://github.com/rails/rails/issues/12374#issuecomment-29446761
Here in the discussion I proposed to deprecate the JS responder because this
technique is insecure and not a pragmatic way to transfer data.
It can be exploited in this way: http://homakov.blogspot.com/2013/05/do-not-use-rjs-like-techniques.html
I find this bug very often so I know what I'm talking about. With it
an attacker can steal user data and authenticity_token if templates with a form
were leaked too.