Given XSS
When I attempt to make a request to another URL
And I have access to CSRF cookie
And I don't have access to form input value
Then prevent the request via CSRF protection.
Unable to protect
Same-page XSS attacks cannot be protected against,
because the attacker has access to both the cookie and the form value.
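
The two cases above as a server-side check, added here as an illustration and not taken from the original page. It assumes the form value is an HMAC of the cookie under a server-only key (the page does not say how the form value is derived); `SERVER_KEY`, `issue_tokens`, `csrf_check` and `scenarios` are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Assumption for this example: a secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def _expected_form_value(cookie_value):
    """Form value the server would have rendered for this cookie."""
    mac = hmac.new(SERVER_KEY, cookie_value.encode(), hashlib.sha256)
    return mac.hexdigest()


def issue_tokens():
    """Return (cookie_value, form_value) for a freshly rendered page."""
    cookie_value = secrets.token_urlsafe(32)
    return cookie_value, _expected_form_value(cookie_value)


def csrf_check(cookie_value, form_value):
    """Accept a request only when the form value matches the cookie."""
    if not cookie_value or not form_value:
        return False
    expected = _expected_form_value(cookie_value)
    # Constant-time comparison so the check does not leak the token.
    return hmac.compare_digest(expected.encode(), form_value.encode())


def scenarios():
    """Run the page's cases against one constructed cookie/form pair."""
    cookie, form = issue_tokens()
    return {
        # Request to another URL: the cookie is there, the form value is not.
        "cookie_only": csrf_check(cookie, None),
        # Holding the cookie does not yield the form value without SERVER_KEY.
        "cookie_reused_as_form": csrf_check(cookie, cookie),
        # Same-page XSS: script in the page holds both values, so the
        # request is indistinguishable from a legitimate one.
        "same_page_xss": csrf_check(cookie, form),
    }


if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(name, "accepted" if accepted else "rejected")
```

The first two cases are rejected and the third is accepted, which is why the CSRF token is no defence once script runs in the page itself.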