> btw, I also saw you landed an auto-fetching for script (FYI, I > "synchronized" the rewrite with latest changes, including javascript > auto-execution) but I believe it is just plain wrong to let the server > decide of what should be executed client-side (especially with cross-domain > xhr getting more widespread). Protected JSON decoding is fine by me but > javascript silently getting executed seems like a hell of a hole.
If you're worried about JavaScript coming to the client and executing there's little that jQuery can do to try and stop it - especially since script tags could be injected into raw HTML and get inserted into a site. If you're worried about auto-executing script then you should also be worried about getScript and .load(). --John
-- You received this message because you are subscribed to the Google Groups "jQuery Development" group. To post to this group, send email to jquery-...@googlegroups.com. To unsubscribe from this group, send email to jquery-dev+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/jquery-dev?hl=en.
