Item2156: Update the CSRF 'suspicion' message

It is suggested that we update the CSRF "suspicion" message to indicate that javascript is required.

-- IngoKappler

I updated WhyYouAreAskedToConfirm, which is referred to from the templates that generate the dialog if i'm not mistaken. We might want to add the javascript suggestion to the validation.tmpl itself as well. If no-one objects, I will do so.

-- KoenMartens - 25 Sep 2009

This can even go into <noscript> tags so that it is only shown when no javascript is on.

-- ArthurClemens - 25 Sep 2009

I've seen the WhyYouAreAskedToConfirm related error message several times in our intranet based wiki and I am pretty sure no one tries to attack. So I found that I most likely triggered it by starting an edit session, then leaving it via the back button and re-entering it later on maybe even via another tab.

What I want to say is that this "...can sometimes be triggered when you do something perfectly innocent." may not be that innocent but "stupid" and "general" end user behaviour. Shouldn't this reaction also be addressed in WhyYouAreAskedToConfirm, so users can read about it instead of wondering what they did wrong?

-- IngoKappler - 25 Sep 2009

This has been implemented, first revision on 18 Nov 2009. The javascript note is at the bottom.

-- ArthurClemens - 22 Jan 2011