Reputation: 8819
javascript security rails
Let's say I have a page where a user has an option to like a dislike something. The like or dislike actions send a post message to a control which increments/decrements the number of likes on a object. However, the user is not logged in when they do this action.
How can I protect this page from javascript code that automatically clicks on like or dislike. Right now, after the user clicks one of them, that entire container becomes hidden, but couldnt someone use javascript (in the url/bookmarklet) to bring it back and then execute a click?
Upvotes: 1
Views: 62
Answers (1)
Reputation: 67019
Security problems include CSRF, Clickjacking and the Coup d'état for this poorly planed feature is that ip addresses are basically free. So if anyone wants to upvote, they can and they can do so as much as they want. If you want to slow them down you need a captcha to protect it.
Upvotes: 1
Related Questions
- Transferring sensitive information from javascript to rails
- Ruby on Rails: how to pass JSON to JavaScript
- Rails authenticate admin for pages -- but allow jquery calls
- Accessing javascripts in rails
- Security for Rails-based javascript apps: How do you verify permissions on a user within rendered javascript?
- Security in angular.js with Ruby on Rails
- Using javascripts in a RAILS application
- protect_from_forgery & Unobtrusive Javascript
- Rails - javascript injections
- How to pass rails model attributes to javascript safely?