Simon McVittie wrote: > The comment-posting form uses a token to prevent cross-site request forgery > (at least for logged-in users); the static pages can't have this token.
Was that all it was? XSRF could be avoided via a preview step. -- see shy jo
signature.asc
Description: Digital signature
