* Christopher Laco <[EMAIL PROTECTED]> [2008-01-23 04:40]: > But surely the same is true for POST as well using a > form/javascript.
Yes. `form.submit()` is a blight on browsers. :-( The fact that it’s the only violation of web arch in the browser model is small solace. But just because a determined attacker can do damage on purpose doesn’t mean you have to make it really easy too, does it? Regards, -- Aristotle Pagaltzis // <http://plasmasturm.org/> _______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/