Win a copy of Svelte and Sapper in Action this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Cross-site scripting attacks

 
Ranch Hand
Posts: 320
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since Ajax approach leads to implementing code in javascript, How vulnerable it is for Cross-site scripting attacks?
 
author
Posts: 15385
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The XHR request object can not talk accross domains, a normal link or a forum submission is more viscious in where it can talk too.

Now if you are looking at the Yahoo worm or the myspace worm that used Ajax, read this posting on my blog: http://radio.javaranch.com/pascarello/2006/06/13/1150210232222.html

Eric
 
Rajan Chinna
Ranch Hand
Posts: 320
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Mr.Eric
Thanks for the link, I was highly impressed about the depth of knowledge you possess I read your interview it was great.
I bookmarked your blog, hope you will add more interesting info for techie's quite frequently.
And also thanks for taking time and answering questions. Keep up the good job.
 
Everybody! Do the Funky Monkey! Like this tiny ad!
the value of filler advertising in 2020
https://coderanch.com/t/730886/filler-advertising
    Bookmark Topic Watch Topic
  • New Topic