
Cross-site scripting attacks

Rajan Chinna
Ranch Hand

Joined: Jul 01, 2004
Posts: 320
Since the Ajax approach leads to implementing code in JavaScript, how vulnerable is it to cross-site scripting attacks?
Eric Pascarello

Joined: Nov 08, 2001
Posts: 15385
The XHR request object cannot talk across domains; a normal link or a forum submission is more vicious in where it can talk to.

Now if you are looking at the Yahoo worm or the myspace worm that used Ajax, read this posting on my blog:

Rajan Chinna
Ranch Hand

Joined: Jul 01, 2004
Posts: 320
Thanks for the link. I was highly impressed by the depth of knowledge you possess. I read your interview; it was great.
I bookmarked your blog and hope you will add more interesting info for techies quite frequently.
Also, thanks for taking the time to answer questions. Keep up the good job.