W3C home > Mailing lists > Public > whatwg@whatwg.org > December 2010

[whatwg] element "img" with HTTP POST method

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 10 Dec 2010 09:23:57 +0100
Message-ID: <4D01E39D.3050803@gmx.de>
On 10.12.2010 01:46, Tab Atkins Jr. wrote:
> ...
> Indeed.  You shouldn't be able to trigger POSTs from involuntary
> actions.  They should always require some sort of user input, because
> there is simply *far* too much naive code out there that is vulnerable
> to CSRF.
> ...

Thanks, Tab.

It's sad that the discussion even got that far.

If the URI length is a problem because of browsers, fix the browsers to 
extend the limits, instead of adding a completely new feature.

Best regards, Julian
Received on Friday, 10 December 2010 00:23:57 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:02 UTC