[Owasp-csrfguard] Javascript generated links

Shantanu Gattani sgattani at gmail.com
Thu Aug 2 00:34:05 UTC 2012


I am working on a rather large scale portal and trying to utilize the JS
Token injection strategy. However, a lot of the links for which the portal
sends GET requests are generated within a javascript itself and my efforts
of injecting a token into them have thus far not succeeded. Could you
provide some guidance regarding this. I cannot blanket unprotect the GET
method as I am not sure if it is truly being utilized as read only (large
legacy code base with home grown toolkit).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20120801/bebe1f13/attachment.html>

More information about the Owasp-csrfguard mailing list