>>>>> On Thu, 6 Dec 2012 11:53:44 -0500, Kito Mann <kito.mann_at_virtua.com> said:
KM> Here are a few more comments:
KM> Preface, p38 -- Cross site request forgery (not client side request forgery)
KM> 2.5.3.1 -- StateHelper should be mentioned here
KM> 7.6.2.4 -- awkward sentence -- should be more like "ViewHandler has several
KM> methods for handling cross-site scripting protecting. These method names
KM> all have the text "protectedView" and are covered in the Javadocs."
KM> 7.6.3 -- very vague -- doesn't even explain what the View Protection API is.
KM> I feel like we need a section explaining what "view protection" is, how it
KM> relates to CSRF, and points readers to the relevant sections (perhaps it's
KM> there and I missed it...)
Thanks, applying them now.
Ed
--
| edward.burns_at_oracle.com | office: +1 407 458 0017
| homepage: | http://ridingthecrest.com/