Hi,
Our customer did a security scan and found that the following JS code is subject to CSRF attacks:
document.domain = document.domain.replace(/.*?\./, '');
It looks like it tries to update the document domain to the top-level domain only, for example github.com to com, but what is the purpose of the code? On Firefox the code is not allowed to run and an exception is thrown. How should I respond to the customer?
Thanks a lot,
Calvin
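Added illustration, not part of Calvin's post or of any browser's code: the document.domain setter exists to relax the same-origin policy between hosts that share a suffix, and browsers reject a value that is a public suffix such as com, which is why the scanned line throws on github.com. The check below is a simplified model of the HTML spec's "registrable domain suffix of or equal to" rule, and PUBLIC_SUFFIXES is a constructed stub of the Public Suffix List.

```javascript
// Constructed stub of the Public Suffix List; real browsers consult the full list.
const PUBLIC_SUFFIXES = new Set(['com', 'org', 'net', 'uk', 'co.uk']);

// What the scanned line computes: drop everything up to and including the
// first dot (non-greedy match), i.e. remove the leftmost label. With no dot
// the regex does not match and the host comes back unchanged.
function stripFirstLabel(host) {
  return host.replace(/.*?\./, '');
}

// Model of the document.domain setter's check (assumption: simplified from
// the HTML spec). Returns true if the assignment is accepted, false if the
// browser would throw a SecurityError instead.
function domainSetterAccepts(currentHost, requested) {
  if (requested === currentHost) return true;               // same value: always allowed
  if (!currentHost.endsWith('.' + requested)) return false; // must be a dot-bounded suffix
  if (PUBLIC_SUFFIXES.has(requested)) return false;         // never relax to a public suffix
  return true;
}

// Run the scanned line against a host: what it asks for and whether it works.
function simulate(currentHost) {
  const requested = stripFirstLabel(currentHost);
  return { requested, accepted: domainSetterAccepts(currentHost, requested) };
}

// Constructed sample hosts showing the two outcomes.
for (const host of ['github.com', 'app.example.com', 'example.co.uk', 'localhost']) {
  const r = simulate(host);
  console.log(`${host} -> "${r.requested}": ${r.accepted ? 'accepted' : 'SecurityError'}`);
}
```

When the assignment is accepted, any other document on a host under the same suffix that also sets document.domain to that value can script this one, which is the exposure a scanner is pointing at.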