- From: Giorgio Maone <g.maone@informaction.com>
- Date: Thu, 20 Sep 2012 20:40:34 +0200
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- CC: Adam Barth <w3c@adambarth.com>, Mike West <mkwst@google.com>, public-webappsec@w3.org
On 20/09/2012 20:30, Boris Zbarsky wrote: > On 9/20/12 2:16 PM, Adam Barth wrote: >> Maybe it only works for data that's been pre-filled into input@value ? > > It would work for that, yes. ...like most CSRF tokens. -- G
Received on Thursday, 20 September 2012 18:40:54 UTC