OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update: CSRF Broken Markup? #1375

Closed ljrk0 closed 2 months ago

ljrk0 commented 2 months ago

What is missing or needs to be updated?

The defunct PR #690, then merged as #707, fixed various authentication vs. authorization mistakes in the CSRF Cheat Sheet. Among others, the following was changed:

- - Re-Authentication (password or stronger)
+ - ~~Re-Authentication~~ Authorization mechanism (password or stronger)
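
Review bot: On the added line, the struck-through `Re-Authentication` stays in the list item beside its replacement, so the item still shows the term the change set out to correct. The parenthetical "(password or stronger)" is also carried over unchanged, although it reads as a description of a credential rather than of an authorization mechanism. Suggest dropping the `~~Re-Authentication~~` span and settling on one term whose parenthetical matches it.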

It's unclear to me why the old/"wrong" term should still be included here, even if in strike-through.

Additionally, in PR #1247 the space after the double tilde was removed, which is okay for GFLM but not for the renderer used on the OWASP web page, breaking markup there.

How should this be resolved?

Depending on the original intention, the old term should either be removed or the markup fixed. In addition, one could investigate how the broken markup made it through CI?

mackowski commented 2 months ago

@jmanico can you take a look into that? It looks strange now

jmanico commented 2 months ago

I am short on time but will look at this - this week.

jmanico commented 2 months ago

This is fixed and live