occasionally useful ruby, ubuntu, etc


jQuery and JavaScript Hijacking

I stumbled upon this XSS exploit that Fortify published a little over a year ago that jQuery has failed to account for, even now. Sort of worrisome, since that's the JavaScript framework I prefer most. Prototype, however, has "fixed" it, as you can tell from the bottom of this page. Anyway, sort of a long read.

Fortify publication (pdf)

Filed under: jquery, web 2.0