<p>Is it the injection of tokens into links etc or ajax requests that is failing? I found that xmlhttprequest injection doesn't work in <ie9</p>
<div class="gmail_quote">On Aug 6, 2013 6:34 AM, "Unmesh Desale" <<a href="mailto:Unmesh_Desale@symantec.com">Unmesh_Desale@symantec.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi Rajesh,<u></u><u></u></span></p><p class="MsoNormal">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Tried the below solution but it is still not able to inject the token. Whenever I am placing one alert message in that function then I am able to see CRSF token in resulting html (IE8).<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal" style="text-autospace:none"><span style="background:silver;font-size:10.0pt;font-family:"Courier New"">element</span><span style="font-size:10.0pt;font-family:"Courier New"">.setAttribute(attr, location);</span><span style="font-size:10.0pt;font-family:"Courier New""><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#3f7f5f">alert('token injected:' + value);<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:#3f7f5f"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Below are my settings for servelet in web.xml;<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><u><span style="font-size:10.0pt;font-family:"Courier New""><servlet></span></u><span style="font-size:10.0pt;font-family:"Courier New""><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            <servlet-name>JavaScriptServlet</servlet-name><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">            <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">            <init-<u><span style>param</span></u>><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-name>source-file</param-name><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-value>WEB-INF/Owasp.CsrfGuard.js</param-value><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            </init-<u><span style>param</span></u>><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">            <init-<u><span style>param</span></u>><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-name>inject-into-forms</param-name><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-value>true</param-value><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">            </init-<u><span style>param</span></u>><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            <init-<u><span style>param</span></u>><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-name>inject-into-attributes</param-name><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">                  <param-value>true</param-value><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            </init-<u><span style>param</span></u>><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            <init-<u><span style>param</span></u>><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">                  <param-name>domain-strict</param-name><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-value>true</param-value><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            </init-<u><span style>param</span></u>><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:10.0pt;font-family:"Courier New"">            <init-<u><span style>param</span></u>><u></u><u></u></span></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-name><u><span style>referer</span></u>-pattern</param-name><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">                  <param-value>.*<u><span style>localhost</span></u>:8080.*</param-value><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New"">            </init-<u><span style>param</span></u>>           <u></u><u></u></span></p><p class="MsoNormal">
<span style="font-size:10.0pt;font-family:"Courier New""> <u><span style></servlet><u></u><u></u></span></u></span></p><p class="MsoNormal"><u><span style="font-size:10.0pt;font-family:"Courier New""><u></u><span style="text-decoration:none"> </span><u></u></span></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Below are settings for CSRF Guard Properties:<u></u><u></u></span></p><p class="MsoNormal"><u><span style="font-size:10.0pt;font-family:"Courier New""><u></u><span style="text-decoration:none"> </span><u></u></span></u></p>
<p class="MsoNormal"><u><span style="font-size:10.0pt;font-family:"Courier New""><u></u><span style="text-decoration:none"> </span><u></u></span></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.ConsoleLogger<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.TokenPerPage=true<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.TokenPerPagePrecreate=false<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.Ajax=true<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.Default=/appliance<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.JavaScriptServlet=/appliance/JavaScriptServlet<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.JavaScript=*.js<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.css=*.css<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.html=*.html<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.png=*.png<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.jpg=*.jpg<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.ico=*.ico<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.gif=*.gif<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.Tag=/tag.jsp<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.jsp=*.jsp<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.Error=/appliance/error.html<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.Patch=/appliance/<a>manage.appliance.patch.details.do</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.SecurityEdit=/appliance/<a>settings.appreconfig.security.edit.do</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.unprotected.launchInitConfig=/appliance/<a>launch.configure.appliance.do</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.action.Log.Message=potential cross-site request forgery (CSRF) attack thwarted (user:%user%, ip:%remote_ip%, uri:%request_uri%, error:%exception_message%)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.action.Redirect=org.owasp.csrfguard.action.Redirect<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.action.Redirect.Page=/appliance/error.html<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.action.Rotate=org.owasp.csrfguard.action.Rotate<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.TokenLength=32<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">org.owasp.csrfguard.PRNG=SHA1PRNG<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Thanks,<u></u><u></u></span></b></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Unmesh Desale<br>
</span></b><b><u><span lang="EN" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:gray">________________________________</span></u></b><b><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></b></p>
<p class="MsoNormal"><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> <u></u><u></u></span></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Office:</span></b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> +91 20 40754 4823  <b>Mobile: </b><a value="+919657725432">+91 9657725432</a><b>  <u><br>
</u><a>unmesh_desale@symantec.com</a></b></span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"><br></span><b><u><span lang="EN" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:gray">________________________________</span></u></b><b><span lang="EN" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p></div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Rajesh Punjabi [mailto:<a>rajesh_punjabi@hotmail.com</a>] <br>
<b>Sent:</b> Monday, August 05, 2013 10:44 PM<br><b>To:</b> Unmesh Desale; <a>owasp-csrfguard@lists.owasp.org</a><br><b>Subject:</b> RE: [Owasp-csrfguard] Issue with IE8<u></u><u></u></span></p></div></div><p class="MsoNormal">
<u></u> <u></u></p><div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">I got into the same issue and here is what I wrote earlier on a thread.<u></u><u></u></span></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444"><u></u> <u></u></span></p></div><div><p class="MsoNormal" style="line-height:15.85pt">
<span style="font-family:"Calibri","sans-serif";color:#444444">It seems when the JavaScriptServlet injects tokens to all the elements in the DOM, it also attaches the token to <script src=''> and <link href=''>.<u></u><u></u></span></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">In IE8 the browser loads all the css files and JS files twice.  This seems to screw up things.<u></u><u></u></span></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">You could try to make the INJECT_ATTRIBUTES parameter as false.<u></u><u></u></span></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444"><u></u> <u></u></span></p></div><div><p class="MsoNormal" style="line-height:15.85pt">
<span style="font-family:"Calibri","sans-serif";color:#444444">Alternatively, if you think this may break some functionality you desire then in the injectTokenAttribute() method I added the following line. (more of a hack)<u></u><u></u></span></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">if(location != null && isValidUrl(location) && !location.toLowerCase().endsWith(".css") && !location.toLowerCase().endsWith(".js") && !location.toLowerCase().endsWith("javascriptservlet")) {<u></u><u></u></span></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">    var uri = parseUri(location);<u></u><u></u></span></p></div><div><p class="MsoNormal" style="line-height:15.85pt">
<span style="font-family:"Calibri","sans-serif";color:#444444">    .....................<u></u><u></u></span></p></div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">}<u></u><u></u></span></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444"><u></u> <u></u></span></p></div><div><p class="MsoNormal" style="line-height:15.85pt">
<span style="font-family:"Calibri","sans-serif";color:#444444">So basically for js, css files we shouldn't need to attach the CSRFTOKEN attribute.<u></u><u></u></span></p></div><div><p class="MsoNormal" style="line-height:15.85pt">
<span style="font-family:"Calibri","sans-serif";color:#444444"><u></u> <u></u></span></p></div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444">HTH<u></u><u></u></span></p>
</div><div><p class="MsoNormal" style="line-height:15.85pt"><span style="font-family:"Calibri","sans-serif";color:#444444"><u></u> <u></u></span></p></div><div><p class="MsoNormal" style="line-height:15.85pt">
<span style="font-family:"Calibri","sans-serif";color:#444444">Best,<br>Rajesh<u></u><u></u></span></p></div><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""><u></u> <u></u></span></p>
<div><div class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri","sans-serif""><hr size="2" width="100%" align="center"></span></div><p class="MsoNormal" style="margin-bottom:12.0pt">
<span style="font-family:"Calibri","sans-serif"">From: <a>Unmesh_Desale@symantec.com</a><br>To: <a>owasp-csrfguard@lists.owasp.org</a><br>Date: Mon, 5 Aug 2013 05:41:03 -0700<br>Subject: [Owasp-csrfguard] Issue with IE8<u></u><u></u></span></p>
<div><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Hi All,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">I have configured OWASP CSRFGuard for my project. It is working fine when I am browsing my site using Firefox Mozilla but same site doesn’t not work when I browse it through IE 8. This module is not able to inject CSRF token for IE8.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> <u></u><u></u></span></p><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Is this module works (supports) IE8 and higher versions? Is it cross-browser compatible?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> <u></u><u></u></span></p><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif"">Please suggest me some solution. I am in urgent need of help.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> <u></u><u></u></span></p><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Thanks,</span></b><span style="font-family:"Calibri","sans-serif""><u></u><u></u></span></p><p class="MsoNormal">
<b><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Unmesh Desale<br></span></b><b><u><span lang="EN" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:gray">________________________________</span></u></b><span style="font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN" style="font-family:"Calibri","sans-serif""> </span><span style="font-family:"Calibri","sans-serif""><u></u><u></u></span></p><p class="MsoNormal">
<b><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Office:</span></b><span style="font-size:10.0pt;font-family:"Arial","sans-serif""> +91 20 40754 4823  <b>Mobile: </b><a value="+919657725432">+91 9657725432</a><b>  <u><br>
</u><a>unmesh_desale@symantec.com</a></b><span style="color:#1f497d"><br></span></span><b><u><span lang="EN" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:gray">________________________________</span></u></b><span style="font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> <u></u><u></u></span></p><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div><p class="MsoNormal"><span style="font-family:"Calibri","sans-serif""><br>_______________________________________________ Owasp-csrfguard mailing list <a>Owasp-csrfguard@lists.owasp.org</a> <a>https://lists.owasp.org/mailman/listinfo/owasp-csrfguard</a><u></u><u></u></span></p>
</div></div></div></div><br>_______________________________________________<br>
Owasp-csrfguard mailing list<br>
<a href="mailto:Owasp-csrfguard@lists.owasp.org">Owasp-csrfguard@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-csrfguard">https://lists.owasp.org/mailman/listinfo/owasp-csrfguard</a><br>
<br></blockquote></div>