Brian,
I don't know if you read it, but Giorgio Fedon and I presented a paper
named Subverting Ajax at the 23rd CCC Congress.
(4th section XSS Prototype Hijacking)
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
It described a technique called Prototype Hijacking,
...oOOo
Stefano Di Paola
Software Security Engineer
Owasp Italy RD Director
Web: www.wisec.it
Twitter: http://twitter.com/WisecWisec
___
Guys,
maybe the client-side security people may be interested:
http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html
Cheers,
Stefano