Hello,

I work on a US Army website and have been using jQuery and UI for some
time. We have started working on a dynamic hosting environment
(instead of serving flat html pages) and in the process, ajax
functions in jQuery 1.3.2 have been flagged as insecure by our DoD
security team. Although I know that these functions pose no real
security risk whatsoever, I had no choice but to remove them to get
jQuery past security scans to a ".mil" server.

Now removing some functionality wasn't a problem for me since I am
pretty familar with jQuery. However, I wanted to suggest that you
consider hosting a "secure" version of jQuery, without the ajax
functions currently in 1.3, to assist people newer to jQuery who may
be working in a locked down environment.

Thanks,
Chris

Reply via email to