Request to merge: new-updxlrtr-v3.0: Enabling GET-Params for %xlrtrsettings
jiweigert at gmail.com
Thu Apr 25 13:55:29 CEST 2013
I'm not really happy about re-implementing basic Features of HTML via JS,
just cause of a limited processing (and thats what this return if... is)
And as you know, Each method could be faked and just limiting on POST is
putting a sign in front of fort knox sayin "There is no gold, bye".
Sure, if there is a better solution to only on GET and POST methods it
would be great to implement
its for accessing GET-Params ;) which wont work otherwise,
I used this for the section-switcher in the updxlrtr.
2013/4/25 Michael Tremer <michael.tremer at ipfire.org>
> I think the original intention to filter for POST requests is to prevent
> cross-site scripting issues. However, it is not a huge problem to create
> a POST request with JS.
> I am still not convinced that we should remove this line. It makes XSS
> attacks more easy and therefore more dangerous.
> For what exactly is this modification required?
> On Wed, 2013-04-24 at 18:22 +0200, Jörn-Ingo Weigert wrote:
> > This add GET-Parameters for xlrtrsettings in header.pl
> > _______________________________________________
> > Development mailing list
> > Development at lists.ipfire.org
> > http://lists.ipfire.org/mailman/listinfo/development
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Development