
The original code was attempting to set a single form field named "text", while actually allowing that text to control the whole form being submitted.

This is a security risk, because form requests can mix trusted with untrusted inputs. (Trusted: e.g. the action selected from a drop-down. Untrusted: e.g. another user's text or name, or an entity name decoded from the initial URL.)

So, sticking with the "moderation tool" example, you could make a moderator execute an unintended moderation action when they interact with your carefully-crafted username.

The article showed that a piece of vulnerable frontend code was generated. Most commenters instantly dismissed that as an irrelevant concern and instead talked about securing the backend. Yes, you need to secure the backend. You need to protect against XSS. Neither of those fixes the problem that was shown in the code.
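An added example, not code from the article or from either commenter, of the trusted/untrusted mixing described above. It assumes the vulnerable frontend built the form body by string concatenation; the function names, the `parseBody` stand-in for the server and the sample username are all constructed here.

```javascript
// Vulnerable: the trusted `action` (chosen from the drop-down) and the
// untrusted `text` (e.g. another user's name) are concatenated without
// encoding, so "&" and "=" inside `text` become field delimiters.
function buildBodyVulnerable(action, text) {
  return "action=" + action + "&text=" + text;
}

// Hardened: every value is percent-encoded, so the untrusted value can
// only ever populate the single field it was meant for.
function buildBodySafe(action, text) {
  return new URLSearchParams({ action, text }).toString();
}

// Constructed stand-in for the server side: parse an
// application/x-www-form-urlencoded body with "last occurrence of a
// repeated key wins". Real frameworks differ in how they treat repeats,
// but in every case the untrusted value has changed which fields arrive.
function parseBody(body) {
  const fields = {};
  for (const [key, value] of new URLSearchParams(body)) {
    fields[key] = value;
  }
  return fields;
}

// Constructed sample: a username crafted to carry an extra field.
const craftedName = "alice&action=ban";

// Submit a "warn" action against the crafted name with the given builder
// and return the fields the server would actually see.
function submitWarn(builder) {
  return parseBody(builder("warn", craftedName));
}

// With the vulnerable builder the server sees action=ban; with the safe
// builder it sees action=warn and the whole crafted string as `text`.
console.log(submitWarn(buildBodyVulnerable));
console.log(submitWarn(buildBodySafe));
```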




> The article showed that a piece of vulnerable frontend code was generated.

The article didn't show anything. It just asserted it.

All right. This is over.

I'd be delighted if at least one of you two could present a coding example that, when run, demonstrates an actual problem that needs to be dealt with.

Declare victory if you must, but if your next response is anything other than example code that, when run, demonstrates the problem, it will be clear to everyone that you guys don't know what you're talking about.

Sorry to be so blunt, but there are only so many ways to ask how it's a problem before it's clear there is no real answer.

TL;DR: coding example or GTFO

