Should xsrf be a synonym for csrf?
OWASP treats it as such.
I don't think so.
CSRF is the standard, most widely used name. Once upon a time, people used to sometimes use XSRF as an alternate name for the attack, but these days I don't see anyone using the name "XSRF" any longer. And, we don't currently have any questions that are tagged XSRF.
So, my suggestion would be: use csrf as the tag for these questions. Don't introduce a synonym for XSRF; there doesn't seem to be any need for it. Don't introduce a tag for XSRF. If anyone happens to tag their question with XSRF (which hasn't happened yet to date, as far as I can tell), edit the question to replace XSRF with CSRF.
xsrf
, it then warrants a synonym.
Commented
Aug 13, 2012 at 21:36