[Pkg-javascript-devel] Bug#557745: not a security issue
Thomas Koch
thomas at koch.ro
Wed Nov 25 12:52:02 UTC 2009
tags 557745 - security
severity 557745 minor
The security issue described is the well-known "Cross-Site Scripting"[1]
problem. It's the responsibility of a web application developer to guard
the application that uses YUI against this issue, but it's not a security
issue of any JavaScript library.
[1] http://en.wikipedia.org/wiki/Cross-site_scripting
Please consult the following pages to learn more about whether
this is a YUI issue:
http://tech.groups.yahoo.com/group/ydn-javascript/message/11714 (full thread)
http://tedhusted.wordpress.com/2007/04/10/fortifying-ajax/
Learn more about how to avoid Cross Site Scripting problems in your app:
http://directwebremoting.org/blog/joe/2007/04/04/how_to_protect_a_json_or_javascript_service.html
http://groups.google.com/group/Google-Web-Toolkit/web/security-for-gwt-applications
I'm not closing the bug yet, to let people comment on it.
Thomas Koch, http://www.koch.ro