Reviewing Code for Cross-Site Request Forgery