Cross Site Request Forgery (CSRF) for javascripts - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6) +--- Forum: CodeIgniter 2.x (https://forum.codeigniter.com/forumdisplay.php?fid=18) +--- Thread: Cross Site Request Forgery (CSRF) for javascripts (/showthread.php?tid=64800) |
Cross Site Request Forgery (CSRF) for javascripts - syscoid - 03-28-2016 can helping me for ajax security issue for XSS <script> $("#frm1").validationEngine(); $("#reset").click(function(){ val = $(this).html(); pass = $('#pass').val(); re_pass = $('#re_pass').val(); code = '<?=$this->uri->segment(4)?>'; if(val != 'Loading...'){ if ($("#frm1").validationEngine('validate')) { $(this).html('Loading...'); $.ajax({ url : '<?=site_url('forgot/update_pwd')?>', type : 'POST', data : 'pass='+pass+'&re_pass='+re_pass+'&code='+code, error : function() {alert('error!');}, dataType : 'json', success : function(ret){ if (ret.error == 1) { notify(ret.message,'error'); } else{ $('#success').removeClass('hide'); } $('#reset').html(val); return false; } }); } } }) </script> i want to added <?php echo $this->security->get_csrf_token_name(); ?>':'<?php echo $this->security->get_csrf_hash(); ?> on javascripts can helping me please... |