by daremon
6136 days ago
In my understanding the video highlights two problems: a) CSRF: Basecamp's search results page could reject input that didn't originate from the respective search box. But it's useful to be able to send someone a link that will perform a search; it isn't a state-changing operation, after all. So everyone allows that. b) XSS: the main problem, of course, is that the search results page prints the search input without any filtering...
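To make the second point concrete, here is an added example (not code from the commenter, the video, or Basecamp) in Ruby, the language Basecamp's stack is built on. It contrasts a results template that interpolates the search term raw with one that HTML-escapes every untrusted value at the point it is written into the page; the query string, the hit list, and the function names are all constructed for illustration. `CGI.escapeHTML` is Ruby's standard-library escaper and performs the same contextual escaping that Rails' `<%= %>` applies by default.

```ruby
require "cgi"

# Constructed sample query: a search term that happens to carry markup.
# In the scenario the comment describes, this would arrive via a shared
# search link, which is exactly why the term cannot be trusted.
SAMPLE_QUERY = 'rails <b>tips</b> <script>alert(1)</script>'

# The weak pattern: the search term is dropped into the page as-is, so any
# markup inside it becomes part of the document. Kept only as the "before".
def render_results_unescaped(query, hits)
  items = hits.map { |h| "<li>#{CGI.escapeHTML(h)}</li>" }.join
  "<h1>Results for #{query}</h1><ul>#{items}</ul>"
end

# The hardened form: every untrusted string is escaped for an HTML text
# context at the moment it is written into the template. Escaping happens at
# output time, not on input, so the stored search term stays intact for the
# actual search while the page can never interpret it as markup.
def render_results_escaped(query, hits)
  items = hits.map { |h| "<li>#{CGI.escapeHTML(h)}</li>" }.join
  "<h1>Results for #{CGI.escapeHTML(query)}</h1><ul>#{items}</ul>"
end

# Crude regression check a test suite could run over rendered pages: the
# template itself never emits a <script> tag, so one appearing in the output
# means untrusted input reached the page unescaped.
def contains_foreign_script?(html)
  html.match?(/<script\b/i)
end

if __FILE__ == $PROGRAM_NAME
  hits = ["Rails tips & tricks", "Search basics"]
  puts "unescaped: #{render_results_unescaped(SAMPLE_QUERY, hits)}"
  puts "escaped:   #{render_results_escaped(SAMPLE_QUERY, hits)}"
  puts "leak detected in unescaped page: " \
       "#{contains_foreign_script?(render_results_unescaped(SAMPLE_QUERY, hits))}"
end
```

Note that the CSRF half of the comment is untouched by this: a GET search link is still shareable, and that is fine precisely because rendering it changes no state. The fix is to escape on output, not to reject links.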