On-site Request Forgery (OSRF)

TL;DR: Stored HTML triggers same-origin requests on every viewer’s behalf — like CSRF but already past the origin check.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

  • TODO