The Python script that gets called by the above form does an import cgi to make sorting out its calling form easy.
Because the token is changed each time the form is drawn, a would-be attacker would have to get an instance of the sending form, strip out the token, and put it in their spoofing version of the form.
The function can be called on page and item nodes as well as form nodes.