24889 – I can send request in an automated way via http://www.whatwg.org/specs/web-apps/current-work/file-bug.cgi and cause a bug hell...

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24889 - I can send request in an automated way via http://www.whatwg.org/specs/web-apps/current-work/file-bug.cgi and cause a bug hell...

Summary: I can send request in an automated way via http://www.whatwg.org/specs/web-ap...

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	WHATWG
Classification:	Unclassified
Component:	HTML (show other bugs)
Version:	unspecified
Hardware:	Other other

Importance:	P3 normal
Target Milestone:	Unsorted
Assignee:	Ian 'Hixie' Hickson
QA Contact:	contributor

URL:	http://www.whatwg.org/specs/web-apps/...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-03-02 07:44 UTC by contributor
Modified:	2014-03-03 19:40 UTC (History)
CC List:	2 users (show)

See Also:

Attachments

Description contributor 2014-03-02 07:44:25 UTC

Specification: 
Multipage: http://www.whatwg.org/C#rautomatedusername=dannot
Complete: http://www.whatwg.org/c#rautomatedusername=dannot
Referrer: http://google.com/search?q=CSRF

Comment:
I can send request in an automated way via
http://www.whatwg.org/specs/web-apps/current-work/file-bug.cgi and cause a bug
hell...

Posted from: 217.10.40.49
User agent: <dannote>

Comment 1 Ian 'Hixie' Hickson 2014-03-03 19:40:26 UTC

That's why we log the IP address, so that it's trivial to then delete them. (And the referrer, so we can delete them on bulk in the case of XSS.)