Hi Chris,

Thanks for the email. I think the best way to help us is to provide us
with detailed information as to what your security team is having
issues with. XHR in itself is not a security issue but more in the way
that a developer manages the requests/responses. If there are specific
concerns, maybe we can help to address them.

Rey...

On Thu, Jan 14, 2010 at 1:13 PM, ChrisM <manni...@gmail.com> wrote:
> Hello,
>
> I work on a US Army website and have been using jQuery and UI for some
> time. We have started working on a dynamic hosting environment
> (instead of serving flat html pages) and in the process, ajax
> functions in jQuery 1.3.2 have been flagged as insecure by our DoD
> security team. Although I know that these functions pose no real
> security risk whatsoever, I had no choice but to remove them to get
> jQuery past security scans to a ".mil" server.
>
> Now removing some functionality wasn't a problem for me since I am
> pretty familiar with jQuery. However, I wanted to suggest that you
> consider hosting a "secure" version of jQuery, without the ajax
> functions currently in 1.3, to assist people newer to jQuery who may
> be working in a locked down environment.
>
> Thanks,
> Chris
>
