JavaScript Security
Cross-site request forgery (CSRF) exploits the trust that a site has in a user's browser. It is also defined as an attack that forces an end user to execute unwanted actions on a web application in which the user is currently authenticated: the browser attaches the session cookie to every request it sends to that site, so a request triggered by a page on another origin is accepted as if the user had made it deliberately. We have already seen at least two instances where CSRF has happened. Let's review these security issues now.
We will now take a look at a basic CSRF example:
Go to the source code provided for this chapter and change the directory to chp4/python_tornado. Run the following command:
python xss_version.py
Remember to start your MongoDB process as well.
Next, open external.html (found in templates) from a different host, say http://localhost:8888. You can do this by starting a second server instance with python xss_version.py --port=8888 and then visiting http://localhost:8888/todo_external. You will see the following screenshot:

Adding a new to-do item
Click on Add To Do, and fill in a new to-do item, as shown...
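The following is an added example, not code from the book or from its chp4/python_tornado sample. It models, without any framework, why a to-do endpoint that authenticates by cookie alone accepts a submission from external.html on the other port, and how a synchronizer token (the same idea Tornado provides through its `xsrf_cookies` setting; the field name `_xsrf` follows Tornado's convention) rejects it. The origins, session store, user name and to-do titles are constructed for the demonstration.

```python
# Added example (not from the book or its sample code): a framework-free model
# of the synchronizer-token defence against CSRF. All origins, sessions and
# form data below are constructed.
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "http://localhost:8000"      # the to-do app (assumed origin)
OTHER_ORIGIN = "http://localhost:8888"     # where external.html is served (assumed)

# session_id -> session record. The browser sends the session cookie on every
# request to SITE_ORIGIN regardless of which page triggered it; that is the
# behaviour CSRF relies on.
sessions: dict[str, dict] = {}


@dataclass
class Request:
    method: str
    origin: str                      # the page that caused the request
    cookies: dict[str, str]
    form: dict[str, str] = field(default_factory=dict)


def login(user: str) -> str:
    """Create a session and mint a per-session CSRF token; returns the session id."""
    sid = secrets.token_urlsafe(16)
    sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32), "todos": []}
    return sid


def csrf_token(sid: str) -> str:
    """Token the server embeds in its own to-do form. A page on another origin
    cannot read this site's HTML or cookies, so it cannot learn the value."""
    return sessions[sid]["csrf"]


def add_todo_vulnerable(req: Request) -> tuple[int, str]:
    """Authenticates by cookie only: any origin can make the browser submit it."""
    session = sessions.get(req.cookies.get("session", ""))
    if session is None:
        return 403, "not logged in"
    session["todos"].append(req.form.get("title", ""))
    return 200, "added"


def add_todo_protected(req: Request) -> tuple[int, str]:
    """Same handler with a synchronizer-token check before any state change."""
    session = sessions.get(req.cookies.get("session", ""))
    if session is None:
        return 403, "not logged in"
    if req.method != "POST":
        return 405, "state changes must use POST"
    submitted = req.form.get("_xsrf", "")
    # Constant-time comparison; a missing or wrong token means this form was
    # not rendered by this site for this session.
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return 403, "CSRF token mismatch"
    session["todos"].append(req.form.get("title", ""))
    return 200, "added"


def own_form_submit(sid: str, title: str) -> Request:
    """A submission from the site's own page, which carries the token."""
    return Request("POST", SITE_ORIGIN, {"session": sid},
                   {"title": title, "_xsrf": csrf_token(sid)})


def cross_site_submit(sid: str, title: str) -> Request:
    """The external.html case: the browser still attaches the cookie, but the
    page on the other origin never saw the token and cannot supply it."""
    return Request("POST", OTHER_ORIGIN, {"session": sid}, {"title": title})


def demo() -> dict[str, int]:
    """Run both handlers against both kinds of request; returns status codes."""
    sid = login("alice")
    return {
        "vuln_own": add_todo_vulnerable(own_form_submit(sid, "buy milk"))[0],
        "vuln_cross": add_todo_vulnerable(cross_site_submit(sid, "unwanted item"))[0],
        "prot_own": add_todo_protected(own_form_submit(sid, "buy milk"))[0],
        "prot_cross": add_todo_protected(cross_site_submit(sid, "unwanted item"))[0],
    }


if __name__ == "__main__":
    print(demo())  # {'vuln_own': 200, 'vuln_cross': 200, 'prot_own': 200, 'prot_cross': 403}
```

The token is tied to the session rather than to the user, so logging out and back in invalidates any value that may have leaked, and the POST-only rule keeps a plain link or image load from changing state.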