Stuart,

Hi - your emails refer to two different things.

The first email gave an example of Cross-Site Scripting (XSS): https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
This is prevented by ensuring that all user generated content / input that may be displayed on a site is validated and encoded.

The second email referred to a Cross Site Forgery Request (CSRF): https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
This is prevented by ensuring that all actions on a site undertaken by a logged in user include a random token that is verified before processing the action. Other methods include always checking for a valid referrer header when processing actions, or asking a user to re-enter their password for particularly secure actions (changing email or password for example). https://www.owasp.org/index.php/CSRF_Prevention_Cheat_Sheet

- Tom
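The two defences Tom describes, shown together as an added example (this is not code from the thread): user content is HTML-encoded before display (XSS), and every state-changing action carries a per-session random token that is verified in constant time, with the referrer check as the secondary control. The site origin, session dict and header dict are constructed stand-ins for a real framework's objects.

```python
import hmac
import html
import secrets
from urllib.parse import urlparse

# Constructed origin of "our" site; the referrer check compares against it.
SITE_ORIGIN = "https://example.invalid"


def issue_csrf_token(session: dict) -> str:
    """Create, once per login session, the random token every action must carry."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def render_comment(user_text: str) -> str:
    """XSS side: user content is HTML-encoded before it is displayed."""
    return f"<p>{html.escape(user_text)}</p>"


def render_action_form(session: dict, action_path: str) -> str:
    """CSRF side: the session token travels with the form as a hidden field."""
    token = html.escape(issue_csrf_token(session))
    return (
        f'<form method="post" action="{html.escape(action_path)}">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<button>Confirm</button></form>'
    )


def referrer_is_ours(headers: dict) -> bool:
    """Secondary check: the Referer header must be present and point at our origin."""
    parsed = urlparse(headers.get("Referer", ""))
    return bool(parsed.netloc) and f"{parsed.scheme}://{parsed.netloc}" == SITE_ORIGIN


def process_action(session: dict, form: dict, headers: dict) -> str:
    """Verify the token (constant-time compare) and the referrer before doing any work."""
    expected = session.get("csrf_token", "")
    submitted = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return "rejected: missing or mismatched CSRF token"
    if not referrer_is_ours(headers):
        return "rejected: request did not originate from this site"
    return "accepted"
```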