> > the javascript would be served from the same website...
>
> consider a forum... you enter some javascript in comments... when
> another user opens the forum thread, the javascript you entered would be
> executed... that is the way I suppose CSRF works... correct me if
> I'm wrong.
You are describing XSS, not CSRF. XSS is basically getting a script to run when a user views a page, i.e. your forum comments example. CSRF, as Jarkko stated, is about sending requests to your server which are automatically authenticated, usually by the cookie information that the browser sends for that domain.

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en
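Added example, not part of the original message and not Rails' own code: a request handler that authenticates by session cookie alone accepts a cross-site form post, while one that also requires a per-session token rejects it. The session store, request hash shape and the names `login`, `handle` and `demo` are assumptions made for the illustration.

```ruby
require "securerandom"

# Constructed in-memory session store: session-cookie value => session data.
SESSIONS = {}

def login(user)
  sid = SecureRandom.hex(16)
  SESSIONS[sid] = { user: user, csrf_token: SecureRandom.hex(32) }
  sid
end

# Constant-time comparison so the token check does not leak a prefix match.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# request is a hash: { method:, cookies:, params: } (hypothetical shape).
def handle(request, check_token:)
  session = SESSIONS[request[:cookies]["sid"]]
  return [401, "not logged in"] unless session
  if check_token && request[:method] != "GET"
    sent = request[:params]["csrf_token"].to_s
    return [403, "bad CSRF token"] unless secure_equal?(sent, session[:csrf_token])
  end
  [200, "email changed for #{session[:user]}"]
end

def demo
  sid = login("alice")
  # Cross-site form post: the browser attaches the cookie, but the other
  # site cannot read the token out of alice's session.
  forged = { method: "POST", cookies: { "sid" => sid },
             params: { "email" => "other@example.test" } }
  # Form rendered by the application itself, token embedded in it.
  genuine = { method: "POST", cookies: { "sid" => sid },
              params: { "email" => "alice@example.test",
                        "csrf_token" => SESSIONS[sid][:csrf_token] } }
  { cookie_only_forged: handle(forged, check_token: false)[0],
    token_forged: handle(forged, check_token: true)[0],
    token_genuine: handle(genuine, check_token: true)[0] }
end

p demo if $PROGRAM_NAME == __FILE__
```

The token check does nothing against the XSS case from the quoted question: a script running inside the site's own pages can read the token from the form.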
