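[
; Prevent CSRF.
; The token is bound to the session: it is generated once (only while the
; session value is still blank) and echoed into the form as a hidden field,
; so a submission is only accepted when it carries the matching value.
(define-session csrf-token)
(if (brl-blank? csrf-token)
    (set! csrf-token (brl-random-typeable 8)))
; Both values come from the request and are untrusted.
(define-input name token)
; A submission is valid only when the posted token equals the session token.
(define valid-submission (equal? token csrf-token))
(brl-when valid-submission
; Prevent XSS: the user-supplied name is escaped before it is interpolated
; into the page, so markup in the input is rendered as text.
]Hi [(brl-html-escape name)]! Pleased to meet you! [)
(brl-unless valid-submission
; First visit or bad token: show the form carrying the session's CSRF token.
]<form> <input type="hidden" name="token" value="[csrf-token]" /> What's your name? <input type="text" name="name" /> <input type="submit" value="Introduce Yourself" /> </form> [)]
<p><a href="[(brl-source-link brl-context)]">View Source</a></p>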