From 3d4a5ccd43d00a699454740ab8ddf8f26b503e9f Mon Sep 17 00:00:00 2001 From: paroche <46547072+paroche@users.noreply.github.com> Date: Tue, 20 Aug 2019 16:49:04 -0600 Subject: [PATCH] Update article.md --- 6-data-storage/01-cookie/article.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/6-data-storage/01-cookie/article.md b/6-data-storage/01-cookie/article.md index 66e5cbe8..cd4b47c9 100644 --- a/6-data-storage/01-cookie/article.md +++ b/6-data-storage/01-cookie/article.md @@ -192,7 +192,7 @@ To understand how it works and when it's useful, let's take a look at XSRF attac Imagine, you are logged into the site `bank.com`. That is: you have an authentication cookie from that site. Your browser sends it to `bank.com` with every request, so that it recognizes you and performs all sensitive financial operations. -Now, while browsing the web in another window, you occasionally come to another site `evil.com`. That site has JavaScript code that submits a form `
` to `bank.com` with fields that initiate a transaction to the hacker's account. +Now, while browsing the web in another window, you accidentally come to another site `evil.com`. That site has JavaScript code that submits a form `` to `bank.com` with fields that initiate a transaction to the hacker's account. The browser sends cookies every time you visit the site `bank.com`, even if the form was submitted from `evil.com`. So the bank recognizes you and actually performs the payment.