[Tickets #5307] Upgrade Prototype to 1.5.1_rc3 and make use of CSRF protection
bugs at bugs.horde.org
Wed Apr 25 19:27:45 UTC 2007
Ticket URL: http://bugs.horde.org/ticket/?id=5307
-----------------------------------------------------------------------
Ticket | 5307
Created By | Chuck Hagenbuch <chuck at horde.org>
Summary | Upgrade Prototype to 1.5.1_rc3 and make use of CSRF protection
Queue | Horde Base
Version | HEAD
Type | Enhancement
State | Accepted
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
Chuck Hagenbuch <chuck at horde.org> (2007-04-25 12:27) wrote:
http://prototypejs.org/2007/4/24/release-candidate-3
It'd be good to add a security delimiter of some sort to our ajax, also,
taking advantage of the support in rc3 for stripping them before eval'ing.
See
http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
and http://dev.rubyonrails.org/ticket/7910
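
Added example, not part of the ticket and not Horde or Prototype code: a sketch of the delimiter idea discussed above, where the server wraps each JSON response in a comment so that loading it as a script yields nothing, and the client strips the wrapper before parsing. The delimiter strings and function names are assumptions, and `JSON.parse` is used here in place of eval'ing.

```javascript
// Delimiter strings are assumptions chosen for this example.
const OPEN = "/*-secure-\n";
const CLOSE = "\n*/";

// Server side: serialize a value and wrap it in a JavaScript comment.
function wrapSecure(value) {
  // A literal "*/" inside a string would end the comment early and expose
  // the rest of the payload. "\/" is a valid JSON escape for "/", so the
  // parsed value is unchanged while the comment stays intact.
  const json = JSON.stringify(value).replace(/\*\//g, "*\\/");
  return OPEN + json + CLOSE;
}

// Client side: accept only delimited responses, then parse the inner JSON.
function unwrapSecure(text) {
  if (typeof text !== "string" ||
      text.length < OPEN.length + CLOSE.length ||
      !text.startsWith(OPEN) || !text.endsWith(CLOSE)) {
    throw new Error("response is missing the security delimiter");
  }
  return JSON.parse(text.slice(OPEN.length, text.length - CLOSE.length));
}

// What a script engine produces when it evaluates a response body as code,
// which is how the body is treated when it is loaded through a script tag.
// Indirect eval returns the completion value of the program.
function completionValue(body) {
  return (0, eval)(body);
}

// Constructed sample data for the demonstration.
const sample = [{ user: "alice", note: "ends a comment */ here" }];

function demo() {
  const bare = JSON.stringify(sample);
  const wrapped = wrapSecure(sample);
  return {
    bareIsLiveExpression: Array.isArray(completionValue(bare)),
    wrappedIsInert: completionValue(wrapped) === undefined,
    roundTrip: unwrapSecure(wrapped),
  };
}
```

The same-origin client reads the response as text and can strip the wrapper; a page that can only include the URL as a script gets a comment and no data.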