Actually iam well perplexed with the situation.... The form that iam embedding in another site, when submitted, the POST action does not actually store or retrieve anything from the database... It just manipulates the form param data, that is submitted by POST, to get the next page... So with this as the situation is it safe to disable forgery protection for that POST action and continue ???? Will this make it XSS vulnerable ??? Pls guide me on this.... Expert advice and comments are most needed to guide me towards the right direction....
-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
