Django Book Translation
Original:
Well, despite the extra security, this arrangement can still be exploited by CSRF; the malicious page just needs to do a little more work. Attackers can create an entire form targeting your site, hide it in an invisible `` ``, and then use JavaScript to submit that form automatically.
Translation:
Despite the added security mechanism, this design can still be attacked via CSRF; the malicious page only needs a little more work. An attacker can craft an entire form aimed at your site, hide it inside an invisible `` ``, and then use JavaScript to submit that form automatically.
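The passage above makes one point: accepting POST only does not stop CSRF, because a hidden, auto-submitted form is still a POST. The example below is added here and is not code from the Django Book or from Django itself; it models that argument with a constructed in-memory session store and hypothetical `handle_post_only` / `handle_with_token` handlers, showing that a method check alone accepts a forged submission while a per-session token check rejects it.

```python
import hmac
import secrets

# Constructed in-memory session store (assumption: a real app would use
# Django's session framework and its CSRF middleware instead).
SESSIONS = {}

def new_session():
    """Create a session and bind a random CSRF token to it."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid

def render_form(sid):
    """The legitimate page embeds the session's token in its form."""
    return {"action": "/transfer", "method": "POST",
            "fields": {"csrfmiddlewaretoken": SESSIONS[sid]["csrf_token"],
                       "amount": ""}}

def handle_post_only(request):
    """Weak check: only the HTTP method is inspected.
    A hidden form submitted by script is still a POST, so this passes."""
    return request["method"] == "POST"

def handle_with_token(request):
    """Hardened check: the posted token must equal the session's token.
    A cross-site page cannot read the victim's token, so it cannot supply it."""
    if request["method"] != "POST":
        return False
    session = SESSIONS.get(request["cookies"].get("sessionid"))
    if session is None:
        return False
    posted = request["form"].get("csrfmiddlewaretoken", "")
    return hmac.compare_digest(posted, session["csrf_token"])

def legitimate_request(sid):
    """Constructed: the user submits the server-rendered form from our own site."""
    form = dict(render_form(sid)["fields"])
    form["amount"] = "10"
    return {"method": "POST", "cookies": {"sessionid": sid}, "form": form}

def forged_request(sid):
    """Constructed: a submission originating from another site. The browser
    still attaches the victim's session cookie, but the token is absent."""
    return {"method": "POST", "cookies": {"sessionid": sid},
            "form": {"amount": "9999"}}
```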
Notes:
Translator: