Hi,

Wicket applications shouldn't be affected by JavaScript hijacking. To be able to use this kind of hijacking, the Ajax response has to be directly executable JavaScript. Wicket's Ajax response is an XML file, which cannot be directly evaluated, thus loading it from a remote site using the <script> tag will not work. And Wicket's URLs are dynamic, so there is not an easy way for the malicious site to guess the URL.

There is one thing to be careful about though. But this is not specific to Wicket, this is specific to all kinds of web applications. If you have e.g. a blog application that allows users to enter comments that other users can see, always escape the <script> tags, so that a user can't post a <script> tag in a comment, as this can be used to steal other users' confidential information.

-Matej

On 4/6/07, Niels Bo <[EMAIL PROTECTED]> wrote:
>
> Hi!
>
> How protected is Wicket against "JavaScript Hijacking", as described in this
> paper?
>
> http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
>
> Best Regards
> Niels Bo
> --
> View this message in context:
> http://www.nabble.com/JavaScript-Hijacking-tf3536320.html#a9870835
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Wicket-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/wicket-user
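
The two points in the reply above, as an added example that is not part of the original thread or of Wicket's code: a check of which response bodies even parse as a script (the precondition for a cross-site `<script>` include to yield anything), and an output encoder for user comments that goes beyond `<script>` to all HTML metacharacters. The sample bodies and function names are constructed for illustration; the XML sample only imitates the shape of a Wicket Ajax response.

```javascript
// Constructed sample bodies, not captured from a real application.
const SAMPLE_JSON_ARRAY = '[{"user":"alice","email":"alice@example.test"}]';
const SAMPLE_JSON_OBJECT = '{"user":"alice","email":"alice@example.test"}';
// Imitates the XML envelope of a Wicket Ajax response; contents are made up.
const SAMPLE_WICKET_XML =
  '<?xml version="1.0" encoding="UTF-8"?><ajax-response>' +
  '<component id="comment1"><![CDATA[<span>hello</span>]]></component>' +
  '</ajax-response>';

// A <script src=...> include only does anything if the body parses as
// JavaScript. new Function() compiles the text without running it, so a
// SyntaxError here means a browser would discard the response as a script.
function parsesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (err) {
    if (err instanceof SyntaxError) return false;
    throw err;
  }
}

// Classify a set of named response bodies: true = at risk, false = inert.
function auditResponses(samples) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, body]) => [name, parsesAsScript(body)])
  );
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode user-supplied text before placing it in HTML text or a quoted
// attribute, so a posted <script> tag is displayed instead of executed.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

console.log(auditResponses({
  jsonArray: SAMPLE_JSON_ARRAY,
  jsonObject: SAMPLE_JSON_OBJECT,
  wicketXml: SAMPLE_WICKET_XML,
}));
console.log(escapeHtml('Nice post! <script>alert(1)</script>'));
```

Only the top-level JSON array compiles as a script; the XML envelope and the bare JSON object are both syntax errors, which is why the response format matters for this class of bug.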
