team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removed apostrophe

Browse Source
This commit is contained in:
GSMcNamara
2013-11-07 15:02:31 -05:00
parent 813711d79e
commit 7ddec28bcc
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/views/layouts/tutorial/csrf/_csrf_first.html.erb
+1 -1
View File
@@ -60,7 +60,7 @@
<div class="accordion-inner"> <div class="accordion-inner">
<p><b> Cross-Site Request Forgery ATTACK:</b></p> <p><b> Cross-Site Request Forgery ATTACK:</b></p>
<p class="desc"> <p class="desc">
The application allows users to update their calendar and schedule PTO events (PTO section). Due to the fact CSRF protections are disabled, the AJAX request will send the authenticity token but the application will <b>not</b> validate either it's presence or validity. Create an html page using the code shown below, authenticate as another user, click on it, review the new calendar (change the dates under date_range1). You should see this HTML code will work, even if you hadn't navigated to the PTO section prior to sending it. The application allows users to update their calendar and schedule PTO events (PTO section). Due to the fact CSRF protections are disabled, the AJAX request will send the authenticity token but the application will <b>not</b> validate either its presence or validity. Create an html page using the code shown below, authenticate as another user, click on it, review the new calendar (change the dates under date_range1). You should see this HTML code will work, even if you hadn't navigated to the PTO section prior to sending it.
</p> </p>
<p> <p>
<pre class="ruby"> <pre class="ruby">