We are very concerned with security and in this case it is up to the developer to be smart in how sensitive information is delivered and handled on the client side. jQuery provides the means necessary to execute the technique found in the paper to overcome this issue.
Also just recently there was a thread about this issue in more detail. http://groups.google.com/group/jquery-en/browse_thread/thread/b467908cd0bb5581/9b83cd2d22c1c140?lnk=gst&q=javascript+vulnerability&rnum=1#9b83cd2d22c1c140 -- Brandon Aaron On 4/16/07, Fila <[EMAIL PROTECTED]> wrote:
Hello there! I'm worried about the security of Jquery and found a paper about the Javascript Hijacking that says Jquery and others frameworks are vulnerables. Please take a look. Paper: http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf or http://tinyurl.com/28nzje Responses to many of the blog comments, by one of the paper's co- authors: http://www.schneier.com/blog/archives/2007/04/javascript_hija_1.html#c160667 or http://tinyurl.com/yqaoz5 I strongly recomends that Jquery Team think about security in the futures versions of Jquery. I love jquery and I just want that this framework be among of the protected ones! bb, Fila
