Hi Chris, Thanks for the email. I think the best way to help us is to provide us with detailed information as to what your security team is having issues with. XHR in itself is not a security issue but more in the way that a developer manages the requests/responses. If there are specific concerns, maybe we can help to address them.
Rey... On Thu, Jan 14, 2010 at 1:13 PM, ChrisM <manni...@gmail.com> wrote: > Hello, > > I work on a US Army website and have been using jQuery and UI for some > time. We have started working on a dynamic hosting environment > (instead of serving flat html pages) and in the process, ajax > functions in jQuery 1.3.2 have been flagged as insecure by our DoD > security team. Although I know that these functions pose no real > security risk whatsoever, I had no choice but to remove them to get > jQuery past security scans to a ".mil" server. > > Now removing some functionality wasn't a problem for me since I am > pretty familar with jQuery. However, I wanted to suggest that you > consider hosting a "secure" version of jQuery, without the ajax > functions currently in 1.3, to assist people newer to jQuery who may > be working in a locked down environment. > > Thanks, > Chris >
