maxcountryman / flask-seasurf

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).
http://readthedocs.org/docs/flask-seasurf/

Catch TypeError comparing strings with non-ASCII characters is not supported #133

Closed alanhamlett closed 2 years ago

alanhamlett commented 2 years ago

When a malicious user changes the csrf token value to contain non-ASCII characters, Flask-SeaSurf raises a TypeError. This prevents that error by catching and evaluating the strings as not matching.
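The failure mode described in this pull request, as an added illustration that is not the project's own code. It assumes the token comparison uses Python's standard-library `hmac.compare_digest`, which raises this `TypeError` when either `str` argument contains non-ASCII characters; the function names and token values are constructed for the example.

```python
import hmac

# Constructed sample values, not real tokens.
SESSION_TOKEN = "3f9a1c0e7b2d4a58"
TAMPERED_TOKEN = "3f9a1c0e7b2d4a5\u00e9"  # attacker-supplied non-ASCII character


def raw_compare_raises(expected, submitted):
    """Return True if an unguarded compare_digest call raises TypeError."""
    try:
        hmac.compare_digest(expected, submitted)
    except TypeError:
        return True
    return False


def tokens_match(expected, submitted):
    """Constant-time comparison that treats uncomparable input as a mismatch.

    A TypeError here (non-ASCII str, None, mixed str/bytes) means the
    submitted value cannot be a valid token, so the request is rejected
    instead of surfacing as an unhandled exception.
    """
    try:
        return hmac.compare_digest(expected, submitted)
    except TypeError:
        return False


def tokens_match_bytes(expected, submitted):
    """Alternative: compare UTF-8 bytes, which compare_digest accepts as-is."""
    try:
        return hmac.compare_digest(expected.encode("utf-8"),
                                   submitted.encode("utf-8"))
    except (AttributeError, UnicodeEncodeError):
        # Not a str at all, or a str with lone surrogates: cannot match.
        return False


if __name__ == "__main__":
    print("unguarded call raises:", raw_compare_raises(SESSION_TOKEN, TAMPERED_TOKEN))
    print("guarded result:", tokens_match(SESSION_TOKEN, TAMPERED_TOKEN))
    print("bytes result:", tokens_match_bytes(SESSION_TOKEN, TAMPERED_TOKEN))
```

Either form turns the tampered value into an ordinary CSRF validation failure rather than an unhandled exception.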