Logic problems in Token processing

[dayutech]

Very good project, it helped me a lot and gave me ideas for doing CSRF checks, but I found some minor problems while reading. When token processing is performed, localTokens are a set, which cannot have duplicate values. Then localTokens are assigned to allTokens by traversing them. All this takes place in the Evaluate function. The problem is that in earlier Bolt.py token comparisons, allTokens were first rebranded with set tokens. Of course, we know that allTokens have already been rebranded with localTokens, so the size of the uniqueTokens that will be rebranded will be consistent with allTokens no matter what. So it's never typed into the logic that determines token duplication.

[nrathaus]

allTokens is not a set()

uniqueTokens is a set(allTokens)

allTokens is built from the dataset which is allForms (its source is from this)

Therefore there is no issue as you stated

This at least for the source code available for the past two years