Wouldn't this apply to any Ajax functions in any JS framework? Rey,
how do you suppose they are billing this as a potential security hole
for unauthorized access? I just don't see it. I was really hoping
Chris would contact me.
On Jan 14, 4:51 pm, Rey Bango wrote:
> Hey Chris,
>
> I understand. U
Hey Chris,
I understand. Unfortunately, without more details, it's going to be
very hard for us to help. If you can get us more info, we're here to
listen and help.
Rey...
On Thu, Jan 14, 2010 at 4:45 PM, ChrisM wrote:
> Rey, thanks for getting back to me. The issues were flagged as cross-
> si
Rey, thanks for getting back to me. The issues were flagged as cross-
site scripting, saying a call to getScript, getJSON etc. leaves the
door open for unauthorized requests.
Even though we are sure that we could use this safely in an
application, we are at the mercy of the scan results. Sorry tha
Chris,
Check your gmail. I wrote you with some info.
Justin
On Jan 14, 2:43 pm, Rey Bango wrote:
> Hi Chris,
>
> Thanks for the email. I think the best way to help us is to provide us
> with detailed information as to what your security team is having
> issues with. XHR in itself is not a secur
4 matches
Mail list logo
