[whatwg] element "img" with HTTP POST method
julian.reschke at gmx.de
Fri Dec 10 00:23:57 PST 2010
On 10.12.2010 01:46, Tab Atkins Jr. wrote:
> Indeed. You shouldn't be able to trigger POSTs from involuntary
> actions. They should always require some sort of user input, because
> there is simply *far* too much naive code out there that is vulnerable
> to CSRF.
It's sad that the discussion even got that far.
If the URI length is a problem because of browsers, fix the browsers to
extend the limits, instead of adding a completely new feature.
Best regards, Julian
More information about the whatwg