XSS – Exécutée lors de la modification du DOM (Exemple $ ^{11} $ ) ## Cross Site Request Forgery (CSRF - Sea Surf) • Principe : – Faire réaliser à quelqu’un une action à son insu, avec ses propres infos w3c $ ^{35} $ , MDN $ ^{36} $ • Exemples, explications - Présentation XSS et CSRF $ ^{37} $ en français - Protection CSRF $ ^{38} $ en français • Utilitaires, tutos, exercices - Web Goat $ ^{39} $

view function Security in Django Cross site scripting (XSS) protection Cross site request forgery (CSRF) protection SQL injection protection Clickjacking protection SSL/HTTPS Host header validation Referrer only How to use Django’s CSRF protection Using CSRF protection with AJAX Using CSRF protection in Jinja2 templates Using the decorator method Handling rejected requests Using CSRF protection with caching caching Testing and CSRF protection Edge cases CSRF protection in reusable applications How to create custom django-admin commands Accepting optional arguments Management commands and locales Testing Overriding

Page objects Security in Django Cross site scripting (XSS) protection Cross site request forgery (CSRF) protection SQL injection protection Clickjacking protection SSL/HTTPS Host header validation Session }}

{% endif %}

{% csrf_token %} {% for choice in question.choice_set.all %} 0 码力 | 2915 页 | 2.83 MB | 2 年前

3

error_message }}

{% endif %} {% csrf_token %} {% for choice in question.choice_set.all %} 0 码力 | 1878 页 | 6.40 MB | 2 年前

Page objects Security in Django Cross site scripting (XSS) protection Cross site request forgery (CSRF) protection SQL injection protection Clickjacking protection SSL/HTTPS Host header validation Session }}

{% endif %} {% csrf_token %} {% for choice in question.choice_set.all %} 0 码力 | 2746 页 | 2.67 MB | 2 年前

error_message }}

{% endif %} {% csrf_token %} {% for choice in question.choice_set.all %} 0 码力 | 1880 页 | 6.41 MB | 2 年前

view function Security in Django Cross site scripting (XSS) protection Cross site request forgery (CSRF) protection SQL injection protection Clickjacking protection SSL/HTTPS Host header validation Referrer polls/templates/polls/detail.html {% csrf_token %}

{{ question.question_text }}

{% if error_message protecting against it. In short, all POST forms that are targeted at internal URLs should use the {% csrf_token %} template tag. Now, let’s create a Django view that handles the submitted data and does something

polls/templates/polls/detail.html {% csrf_token %}

{{ question.question_text }}

{% if error_message %}

{{ protecting against it. In short, all POST forms that are targeted at internal URLs should use the {% csrf_token %} template tag. Now, let’s create a Django view that handles the submitted data and does something handler400: handler400 = 'mysite.views.my_custom_bad_request_view' See also: Use the CSRF_FAILURE_VIEW setting to override the CSRF error view. Testing custom error views To test the response of a custom error

error_message }}

{% endif %} {% csrf_token %} {% for choice in question.choice_set.all %} 0 码力 | 2053 页 | 6.92 MB | 2 年前

Coding guidelines Security in Django Cross site scripting (XSS) protection Cross site request forgery (CSRF) protection SQL injection protection Clickjacking protection SSL/HTTPS Host header validation Session }}

{% endif %} {% csrf_token %} {% for choice in question.choice_set.all %} 0 码力 | 2538 页 | 2.59 MB | 2 年前