[TYPO3-dev] protecting TYPO3 against cross-site scripting and click-jacking attacks ?
Helmut Hummel
helmut.hummel at typo3.org
Wed Apr 20 09:34:20 CEST 2011
Hi!
On 18.04.11 14:03, Dmitry Dulepov wrote:
> bernd wilke wrote:
>> In the last sentence they mention
>> plugins for WordPress, Drupal and Django.
>
> Interesting becase Django has a built-in transparent protection against
> CSRF, which is on by default.
Yeah, but Bernd is talking about XSS not CSRF ;)
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-dev
mailing list