Bypassing CSP with Form Hijacking (portswigger.net)
from repostbot33@lemmy.world to netsec@lemmy.world on 06 Mar 2024 09:00
https://lemmy.world/post/12796848

#netsec


ramble81@lemm.ee on 06 Mar 2024 15:25

And that’s why you make sure you have sanitization checks on the backend too. Front end should just provide your users with quicker feedback and save on network traffic. The backend should prevent anything from actually being executed that shouldn’t. That way it doesn’t matter how it gets submitted. Same if you have a UI and an API. The API may get inputs outside of a UI, so you should have your checks there.
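The principle in the comment above, as an added example that is not part of the post or the linked article: one server-side validator shared by the HTML-form handler and the JSON API handler, so the same rules are enforced whether the input arrives from the real form, a hijacked form posting from elsewhere, or a direct API call. The field names, limits and handler functions are assumptions for illustration.

```python
# Added example (not from the linked article or the commenter): a single
# server-side validator applied to both the form path and the API path.
import re
from typing import Any

# Assumed profile-update schema for illustration.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")
ALLOWED_FIELDS = {"username", "display_name"}
MAX_DISPLAY_NAME = 64


def validate_profile(fields: dict[str, Any]) -> list[str]:
    """Return a list of problems; an empty list means the input is acceptable.

    Client-side checks are advisory only: this function is the one that decides.
    """
    problems: list[str] = []
    # Reject fields the form never offers (e.g. a smuggled "role" field).
    unexpected = set(fields) - ALLOWED_FIELDS
    if unexpected:
        problems.append(f"unexpected fields: {sorted(unexpected)}")
    username = fields.get("username")
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        problems.append("username must be 3-32 characters of [A-Za-z0-9_]")
    display = fields.get("display_name", "")
    if (not isinstance(display, str) or len(display) > MAX_DISPLAY_NAME
            or any(ord(c) < 32 for c in display)):
        problems.append("display_name must be printable and at most 64 chars")
    return problems


def _decide(fields: dict[str, Any]) -> tuple[int, dict[str, Any]]:
    # Shared decision: HTTP status plus a response body.
    problems = validate_profile(fields)
    if problems:
        return 400, {"errors": problems}
    return 200, {"saved": {k: fields[k] for k in ALLOWED_FIELDS if k in fields}}


def handle_form_post(form: dict[str, str]) -> tuple[int, dict[str, Any]]:
    # HTML form submission: browser-side validation may or may not have run.
    return _decide(form)


def handle_api_post(payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
    # JSON API call: no UI involved at all, same validator, same outcome.
    return _decide(payload)
```

Both handlers return 400 for the same bad input, so a client that skips the front-end checks gains nothing.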