[Owasp-csrfguard] CSRFGuard 3.1 - unexpected token in csrfguard.js

Mon Oct 15 03:42:15 UTC 2018


I am trying to add CSRFGuard for our website. I managed to configure CSRFGuard and I see the token in my pages but there is an error in the JavaScript:

function isValidDomain(current, target) {
                           var result = false;

                           /** check exact or subdomain match **/
                           if(current == target) {
                                        result = true;
                           } else if( %DOMAIN_STRICT% == false) {
                                        if(target.charAt(0) == '.') {
                                                     result = current.endsWith(target);
                                        } else {
                                                     result = current.endsWith('.' + target);


                           return result;

This happens for all the attributes of the JavaScriptServlet with % tag. Please help.

Best Regards,
Rachna Jain


IMPORTANT : This email contains confidential information intended only for the person named above and may be subject to legal privilege. If you are not the intended recipient, any disclosure, copying or use of this information is prohibited. Quest Laboratories provides no guarantee that this communication is free of virus or that it has not been intercepted or interfered with. If you have received this email in error or have any other concerns regarding its transmission, please notify postmaster at questlabs.com.sg. You must destroy the original transmission and its contents. Any views expressed within this communication are those of the individual sender, except where the sender specifically states them to be the views of Quest Laboratories. If this document is not required for record keeping purposes, please consider the environment before storing or printing. This communication should not be copied or disseminated without permission.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20181015/484c649a/attachment.html>

More information about the Owasp-csrfguard mailing list