- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 7 Dec 2009 12:39:32 -0800
- To: Daniel Glazman <daniel@glazman.org>
- Cc: public-web-security@w3.org
On Mon, Dec 7, 2009 at 12:36 PM, Daniel Glazman <daniel@glazman.org> wrote: > Adam Barth wrote: >> I would encourage you to read the full thread before responding. A >> more compelling risk is the theft of secret tokens used to protect >> against CSRF. Those are stored in the default value of attributes of >> input elements. > > I just started reading the thread. But it really starts with a false > hypothesis and I replied to that. Let me explore the rest of the thread. > After all, you did not get the whole thread yourself at the same moment, > did you? Indeed not. However, your email repeats points that were already made later in the thread and understood. Adam
Received on Monday, 7 December 2009 20:40:33 UTC