occasionally useful ruby, ubuntu, etc

28Mar/080

jQuery and Javascript Hijacking

I stumbled upon this XSS exploit that Fortify published a little over a year ago that jQuery has failed to account for, even now. Sort of worrisome, since that's the javascript framework I prefer most. Prototype, however, has "fixed" it, as you can tell from the bottom of this page. Anyway, sort of a long read.

Fortify publication (pdf)

Filed under: jquery, web 2.0 Leave a comment
Comments (0) Trackbacks (0)

No comments yet.


Leave a comment


No trackbacks yet.

» «

Categories

Tags

9.04 cloud couchdb database debugging delivery distributing distribution document-oriented database dropbox firebug firefox flash food games gosu greasemonkey grocery guide imagemagick installation invitation jaunty jaunty jackalope javascript jquery linux log merb migration openssl organic packages processor Rackspace rmagick ruby ruby 1.9 ruby 1.9.1 script Slicehost sound source spud! Ubuntu

Recent Comments

Email me

Max Aller [email protected]