Y
Hacker News
new
|
ask
|
show
|
jobs
by
jamessocol
5082 days ago
Hopefully you're taking steps to prevent both. But yes, closing the CSRF window and leaving the XSS door open would largely defeat the purpose of CSRF protections.