> That's all nice & dandy for json. But the "javascript getting executed
> solely on server saying so" problem still remains. The fact you had to
> change the synchronous request tests is a clear proof of the problem to me:
> existing code will break (no issue if documented), existing code will face a
> security hole (more problematic to say the least).

I've already documented the change in the new 1.4 API docs. As I said
before, the second issue is not any more of an issue then what is
already happening with .load() - in fact I would say it's less of an
issue then what happens with .load() since XSS attacks are far more
likely to occur in raw HTML (which .load() deals with).

--John
-- 
You received this message because you are subscribed to the Google Groups 
"jQuery Development" group.
To post to this group, send email to jquery-...@googlegroups.com.
To unsubscribe from this group, send email to 
jquery-dev+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/jquery-dev?hl=en.


Reply via email to