[jQuery] Re: Web 2.0 is vulnerable to attack

2007-04-04 Thread Markus Peter
On 04.04.2007, at 13:02, Chris Ovenden wrote: I just read the paper and, correct me if I'm wrong, this vulnerability *only* applies to JSON. XML is safe, because it has to be parsed before the data can be extracted. I avoid JSON because I don't like to have eval() statements in my code. This

[jQuery] Re: Web 2.0 is vulnerable to attack

2007-04-03 Thread Wil Stuckey
On 4/3/07, Pedro Luz [EMAIL PROTECTED] wrote: javascript also has the SOP (same origin policy) actually it doesn't, this is how google adsense for example works. w

[jQuery] Re: Web 2.0 is vulnerable to attack

2007-04-03 Thread Kenneth
I don't doubt that someone put a lot of time into this particular FUD piece, but once again (just like all the other articles on this subject), no proof is given. If it's so easy, have it read an arbitrary email from my GMail and THEN I will take the arguments seriously. In the meantime, I laugh

[jQuery] Re: Web 2.0 is vulnerable to attack

2007-04-03 Thread Benjamin Sterling
How about posting some example code that shows an example of how secret one-time tokens can be created and used within jQuery? I second that. It would go a long way in educating me on the proper way of doing things. -- Benjamin Sterling http://www.KenzoMedia.com http://www.KenzoHosting.com

[jQuery] Re: Web 2.0 is vulnerable to attack

2007-04-03 Thread Brian Miller
Keep in mind that this is more of a server-side thing. The only JS piece involves adding a variable value to your URL when pulling the data through a script tag or an iframe. e.g.: http://mysite/myapplication?uniquevalue=foo Then, your server application should return an error (perhaps 500?)

[jQuery] Re: Web 2.0 is vulnerable to attack

2007-04-03 Thread Nathan Young -X \(natyoung - Artizen at Cisco\)
Sterling Sent: Tuesday, April 03, 2007 12:10 PM To: jquery-en@googlegroups.com Subject: [jQuery] Re: Web 2.0 is vulnerable to attack How about posting some example code that shows an example of how secret one-time tokens can be created and used within jQuery? I second that. It would go a long

[jQuery] Re: Web 2.0 is vulnerable to attack

2007-04-03 Thread Benjamin Sterling
Nathan, All good information, much appreciated. -- Benjamin Sterling http://www.KenzoMedia.com http://www.KenzoHosting.com