Chapter 11 ■ the World Wide Web
202
If this code is merely present on the page when the user was logged into the payments application, then the POST
request it describes will fire off and make the payment, automatically, on behalf of the innocent user. Because the
code inside