Simon Willison’s Weblog

Items tagged csrf, joewalker in Mar, 2007

Filters: Year: 2007 × Month: Mar × csrf × joewalker ×


JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor. # 5th March 2007, 10:51 pm

Types

Years

Months

Tags