My reading of these "security" warnings is that they are FUD, pure and simple.

NO ONE but YOU can put any malicious JavaScript onto your web application. The single takeaway (true point) they don't point out is that using any JavaScript hosted on a remote server (Google AdWords, for example) fully compromises any page that hosts these scripts. This is not in any way an unexpected result. So for any site that needs security: don't host third-party scripts/content. Problem solved.

If you are truly concerned about security, I recommend How to Break Web Software:
http://www.amazon.com/How-Break-Web-Software-Applications/dp/0321369440

On 4/16/07, Fila <[EMAIL PROTECTED]> wrote:
Hello there!

I'm worried about the security of jQuery and found a paper about JavaScript Hijacking that says jQuery and other frameworks are vulnerable. Please take a look.

Paper: http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
or http://tinyurl.com/28nzje

Responses to many of the blog comments, by one of the paper's co-authors:
http://www.schneier.com/blog/archives/2007/04/javascript_hija_1.html#c160667
or http://tinyurl.com/yqaoz5

I strongly recommend that the jQuery team think about security in future versions of jQuery. I love jQuery and I just want this framework to be among the protected ones!

bb,
Fila
-- Scott Wickham