CSRF, XSS and SQL Injection attack prevention in JSF

XSS

JSF is designed to have built-in XSS prevention. You can safely redisplay all user-controlled input using any JSF component: request headers (including cookies!), request parameters (also the ones which are saved in the DB!) and request bodies (uploaded text files, etc.).

<h:outputText value="#{user.name}" />
<h:outputText value="#{user.name}" escape="true" />
<h:inputText value="#{user.name}" />
etc…

Note that when …