Add a CSRF token in the calculator form. Avoid printing an unescaped error (which may contain JS). (!123) · Merge requests · CAiMIRA / CAiMIRA · GitLab

Philip Elson requested to merge pelson/cara:security/review into master Dec 17, 2020

Further to the security audit, two very easy wins:

Include a CSRF token
Escape the error message when invalid input submitted

closes #131 (closed)

Edited Dec 17, 2020 by Andre Henriques