The defunct PR #690, then merged as #707, fixed various authentication vs. authorization mistakes in the CSRF Cheat Sheet. Among others, the following was changed:
- - Re-Authentication (password or stronger)
+ - ~~Re-Authentication~~ Authorization mechanism (password or stronger)
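Review bot: on the `+` line, the struck-through `~~Re-Authentication~~` leaves the superseded term in the list item next to its replacement, and the unchanged qualifier "(password or stronger)" still describes a credential check rather than an authorization decision. Suggest keeping a single term in the item and rewording the parenthetical so it matches that term.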
It's unclear to me why the old/"wrong" term should still be included here, even if in strike-through.
Additionally, in PR #1247 the space after the double tilde was removed, which is okay for GFLM but not for the renderer used on the OWASP web page, breaking markup there.
How should this be resolved?
Depending on the original intention, the old term should either be removed or the markup fixed. In addition, one could investigate how the broken markup made it through CI.