I came across a tutorial to handle logins in Spring Security with custom forms, and at some point the tutorial makes this statement:
In case we are using spring <form:form>, we need not to include tag for CSRF.
Why is there no need to use CSRF with forms in JSTL?
Hope you can help, because CSRF is not that well documented or at least not well explained.
<form:form> is the Spring tag when using JSP, which implies they are already taking care of the CSRF if it's their own tag. Straight from their documentation:
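For comparison, an added example that is not part of the answer above or of the Spring documentation it mentions: the same login form written as plain HTML, where the token has to be included by hand, and with Spring's form tag, where Spring Security adds the hidden field when the page is rendered. The /login URL and the field names are assumptions, and CSRF protection is assumed to be enabled in the Spring Security configuration.

```jsp
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>

<%-- Plain HTML form: Spring does not process this tag, so the CSRF token
     must be added by hand. Spring Security exposes the token as the
     request attribute "_csrf". Without the hidden input, the POST is
     rejected by the CSRF filter. --%>
<form action="${pageContext.request.contextPath}/login" method="post">
    <input type="text" name="username"/>
    <input type="password" name="password"/>
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
    <button type="submit">Log in</button>
</form>

<%-- Spring form tag: no explicit CSRF input is written here. When the tag
     is rendered, Spring Security's integration with Spring MVC emits the
     same hidden input into the generated HTML. --%>
<form:form action="${pageContext.request.contextPath}/login" method="post">
    <input type="text" name="username"/>
    <input type="password" name="password"/>
    <button type="submit">Log in</button>
</form:form>
```

Viewing the rendered page source for the second form is a quick check that the hidden token field is present.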