I thought Function.call/Function.apply were pretty common, so until I see some documentation, I'm assuming it's FUD.
I asked the person who mentioned it if he knew of any documentation, but I haven't heard back yet...

Luke

John Resig wrote:
> I don't know about that... are there any specifics relating to this,
> or is it just FUD? I mean, there's tons of ways to do XSS stuff -
> triggering a function call seems hardly worthy of additional
> attention.
>
> Plus, if you're in a situation where XSS may be a factor, this is
> probably the least of your worries.
>
> --John
>
> On 3/23/07, Luke Lutman <[EMAIL PROTECTED]> wrote:
>> I got an email today that one of my plugins might be a cross-site
>> scripting/security risk because the plugin uses the Function.call()
>> method, like so:
>>
>> $.fn.plugin = function(elem, options, callback) {
>>     callback.call(elem, options);
>> };
>>
>> Has anyone heard of or dealt with this problem? If it is a security
>> risk, wouldn't Function.apply also be an issue?
>>
>> Thanks,
>> Luke
>>
>> _______________________________________________
>> jQuery mailing list
>> discuss@jquery.com
>> http://jquery.com/discuss/
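
The following is an added example, not part of the original thread and not the plugin's own code. It runs the quoted `callback.call(elem, options)` pattern outside jQuery to show what happens when the callback argument is a function versus a string, next to a string-to-code sink for contrast. The names `plugin`, `guardedPlugin`, `demo` and all sample values are assumptions made for the illustration.

```javascript
// Added example; plugin, guardedPlugin and demo are hypothetical names.
// Stand-in for the $.fn.plugin pattern quoted in the thread, without jQuery.
function plugin(elem, options, callback) {
  callback.call(elem, options);
}

// Same pattern with an explicit type check, so a wrong argument type is
// reported clearly instead of failing on the property lookup.
function guardedPlugin(elem, options, callback) {
  if (typeof callback !== "function") {
    throw new TypeError("callback must be a function");
  }
  return callback.call(elem, options);
}

function demo() {
  const result = {};
  const elem = { id: "box" };                  // constructed stand-in for a DOM node
  const untrusted = "globalThis.__ran = true"; // constructed untrusted string
  delete globalThis.__ran;

  // 1. A function value runs with `this` bound to elem.
  plugin(elem, { color: "red" }, function (opts) {
    result.thisId = this.id;
    result.color = opts.color;
  });

  // 2. A string has no .call method, so this throws a TypeError and the
  //    text is never evaluated.
  try {
    plugin(elem, {}, untrusted);
  } catch (e) {
    result.stringError = e instanceof TypeError;
  }
  result.ranAfterCall = globalThis.__ran === true;

  // 3. The guard rejects the string up front with a clear message.
  try { guardedPlugin(elem, {}, untrusted); } catch (e) { result.guardMessage = e.message; }

  // 4. Contrast: a string-to-code sink does evaluate the same text.
  new Function(untrusted)();
  result.ranAfterNewFunction = globalThis.__ran === true;
  delete globalThis.__ran;
  return result;
}

console.log(demo());
```

When reviewing a plugin like this, the places to audit are the ones where text is turned into code or markup, and where the callback value itself comes from.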