CSRF protection also fixes reflected XSS
An application I have recently tested had cross-site request forgery (CSRF) protection implemented throughout: every single form or link with parameters carried an additional parameter whose value is derived from the session id. When the form is submitted or the link is clicked, this parameter value is checked before any other processing takes place.
And guess what: that also makes every reflected cross-site scripting bug unexploitable. How?
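The mechanism at work, as an added illustration that is not code from the post or from the application it describes: a handler that validates the per-session anti-CSRF token before it touches any other parameter, so a link crafted by a third party (who does not hold the victim's session and therefore cannot compute the token) is rejected with a constant response, and the unencoded reflection of `q` is never reached. The HMAC-based token derivation, the `SERVER_SECRET` value and the `/search` endpoint are assumptions made for the example.

```python
import hmac
import hashlib
from typing import Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed server-side secret for the example; a real deployment loads it from config.
SERVER_SECRET = b"constructed-example-secret"


def csrf_token(session_id: str) -> str:
    """Derive the anti-CSRF token from the session id (assumed HMAC derivation).

    Using a keyed MAC means the token reveals nothing about the session id itself.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_search(url: str, session_id: str) -> Tuple[int, str]:
    """Handle GET /search?q=...&token=... for the session identified by the cookie.

    The token check runs before any other parameter is read, mirroring the
    application described in the post. Returns (status, body).
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    supplied = params.get("token", [""])[0]
    expected = csrf_token(session_id)
    # Constant-time comparison; both sides encoded so non-ASCII input cannot raise.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        # Constant rejection body: nothing from the request is reflected here,
        # so an attacker-supplied q never reaches the page.
        return 403, "<p>Request rejected: missing or invalid anti-CSRF token.</p>"
    # This is the reflected-XSS bug the post is about: q is echoed without output
    # encoding. html.escape(q) is the real fix; the token check above only makes
    # the bug reachable with a token that a third party cannot produce.
    q = params.get("q", [""])[0]
    return 200, f"<p>Results for {q}</p>"


if __name__ == "__main__":
    victim_session = "sess-A"
    # Link generated by the application for the victim's own session: accepted.
    print(handle_search(f"/search?q=shoes&token={csrf_token(victim_session)}", victim_session))
    # Link with no token, as a third party would have to build it: rejected.
    print(handle_search("/search?q=shoes", victim_session))
    # Link carrying a token from a different session: also rejected.
    print(handle_search(f"/search?q=shoes&token={csrf_token('sess-B')}", victim_session))
```

Two properties carry the whole argument: the check is the first thing the handler does, and the rejection response is constant, so neither the normal page nor the error page ever echoes request data for an unauthenticated-by-token request. Both break down if any handler reflects a parameter before the check runs or if the token is the session id itself rather than a value derived from it, since a token that equals the session cookie turns every link into a session leak.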