tags 557745 - security severity 557745 minor The security issue described is the well known "Cross-Site Scripting"[1] problem. It's in the responsibility of a web application developer to guard the application that uses YUI against this issue, but it's not a security issue of any Javascript library.
[1] http://en.wikipedia.org/wiki/Cross-site_scripting Please consult the following pages this thread to learn more about whether this is a YUI issue: http://tech.groups.yahoo.com/group/ydn-javascript/message/11714 (full thread) http://tedhusted.wordpress.com/2007/04/10/fortifying-ajax/ Learn more about how to avoid Cross Site Scripting problems in your app: http://directwebremoting.org/blog/joe/2007/04/04/how_to_protect_a_json_or_javascript_service.html http://groups.google.com/group/Google-Web-Toolkit/web/security-for-gwt- applications I'm not closing the bug yet, to let people comment on it. Thomas Koch, http://www.koch.ro -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

