Skip to main content
Magento

Return to Answer

Form key prevents CSRF not XSS attacks. :)
Source Link
edit approved Jul 28, 2016 at 16:46
Community Bot
edit approved Jul 28, 2016 at 16:46
Community Bot
  • 1

Newer versions of Magento require forms to have <input type="hidden" name="form_key" value="<?php echo Mage::getSingleton('core/session')->getFormKey() ?>" /> to prevent XSSCSRF (Cross-Site Request Forgery) attacks.

Newer versions of Magento require forms to have <input type="hidden" name="form_key" value="<?php echo Mage::getSingleton('core/session')->getFormKey() ?>" /> to prevent XSS attacks.

Newer versions of Magento require forms to have <input type="hidden" name="form_key" value="<?php echo Mage::getSingleton('core/session')->getFormKey() ?>" /> to prevent CSRF (Cross-Site Request Forgery) attacks.

Source Link
andyjv
andyjv
  • 3.3k
  • 5
  • 28
  • 49

Newer versions of Magento require forms to have <input type="hidden" name="form_key" value="<?php echo Mage::getSingleton('core/session')->getFormKey() ?>" /> to prevent XSS attacks.