On Mon, Dec 7, 2009 at 12:36 PM, Daniel Glazman <daniel@glazman.org> wrote: > Adam Barth wrote: >> I would encourage you to read the full thread before responding. A >> more compelling risk is the theft of secret tokens used to protect >> against CSRF. Those are stored in the default value of attributes of >> input elements. > > I just started reading the thread. But it really starts with a false > hypothesis and I replied to that. Let me explore the rest of the thread. > After all, you did not get the whole thread yourself at the same moment, > did you? Indeed not. However, your email repeats points that were already made later in the thread and understood. AdamReceived on Monday, 7 December 2009 20:40:33 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT