Tokens should not be injected into external links if the domainStrict property is set to true
forgedhallpass opened this issue · comments
forgedhallpass commented
It would be helpful to modify the test application to notify if DOM elements pointing to external links are changed to make testing easier.
forgedhallpass commented
Fixed by OWASP/www-project-csrfguard@9c9f855