Request to merge: new-updxlrtr-v3.0: Enabling GET-Params for %xlrtrsettings
michael.tremer at ipfire.org
Thu Apr 25 12:29:27 CEST 2013
I think the original intention to filter for POST requests is to prevent
cross-site scripting issues. However, it is not a huge problem to create
a POST request with JS.
I am still not convinced that we should remove this line. It makes XSS
attacks more easy and therefore more dangerous.
For what exactly is this modification required?
On Wed, 2013-04-24 at 18:22 +0200, Jörn-Ingo Weigert wrote:
> This add GET-Parameters for xlrtrsettings in header.pl
> Development mailing list
> Development at lists.ipfire.org
More information about the Development