Is MeFi protected against CSRF? I know the logout link isn't (should be a form button anyway) and could be triggered by displaying an image to a MeFi user, but if the forms are vulnerable things could get nasty (imagine someone posting a link that changes your prefs, or makes you create a post, etc.). Just askin'...
posted by malevolent to Bugs at 3:12 AM (97 comments total)
5 users marked this as a favorite
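An added example, not part of the original post and not MetaFilter's code: a small audit that reports the two conditions the question raises, a state-changing action reachable by a plain GET (link or image URL) and a POST form with no anti-CSRF token. The field name `csrf_token`, the `logout` path segment and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TOKEN_FIELDS = {"csrf_token"}   # assumed name of the hidden anti-CSRF field
STATE_CHANGING = {"logout"}     # assumed path segments that change server state

class CsrfAudit(HTMLParser):
    # Collects (issue, tag, url) tuples while parsing one rendered page.
    def __init__(self):
        super().__init__()
        self.findings = []
        self._form = None  # [action, method, has_token] for the open <form>

    def _flag_get(self, tag, url):
        # A GET-reachable URL whose path names a state-changing action.
        segments = urlparse(url or "").path.lower().split("/")
        if STATE_CHANGING & {s.split(".")[0] for s in segments}:
            self.findings.append(("state-change-via-get", tag, url))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = [a.get("action", ""), (a.get("method") or "get").lower(), False]
        elif tag == "input" and self._form is not None:
            hidden = (a.get("type") or "").lower() == "hidden"
            if hidden and a.get("name") in TOKEN_FIELDS and a.get("value"):
                self._form[2] = True
        elif tag in ("a", "img"):
            self._flag_get(tag, a.get("href" if tag == "a" else "src"))

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            action, method, has_token = self._form
            if method == "get":
                self._flag_get("form", action)
            elif not has_token:
                self.findings.append(("post-form-without-token", "form", action))
            self._form = None

def audit(html):
    parser = CsrfAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: a GET logout link, an unprotected POST form, a protected one.
SAMPLE = """<a href="/logout">Log out</a>
<form action="/prefs" method="post"><input type="text" name="theme"></form>
<form action="/logout" method="post">
<input type="hidden" name="csrf_token" value="constructed-token"><button>Log out</button></form>"""
```

The audit only shows that a token field is present in the markup; whether the server actually verifies it on each request has to be tested separately.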