[Tickets #5307] Upgrade Prototype to 1.5.1_rc3 and make use of CSRF protection

bugs at bugs.horde.org bugs at bugs.horde.org
Wed Apr 25 19:27:45 UTC 2007


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=5307
-----------------------------------------------------------------------
 Ticket             | 5307
 Created By         | Chuck Hagenbuch <chuck at horde.org>
 Summary            | Upgrade Prototype to 1.5.1_rc3 and make use of CSRF protection
 Queue              | Horde Base
 Version            | HEAD
 Type               | Enhancement
 State              | Accepted
 Priority           | 2. Medium
 Owners             | 
-----------------------------------------------------------------------


Chuck Hagenbuch <chuck at horde.org> (2007-04-25 12:27) wrote:

http://prototypejs.org/2007/4/24/release-candidate-3

It'd be good to add a security delimiter of some sort to our ajax, also,
taking advantage of the support in rc3 for stripping them before eval'ing.
See
http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
and http://dev.rubyonrails.org/ticket/7910
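
Added example, not part of the ticket and not Horde's or Prototype's code: a sketch of the delimiter idea in the comment above, where the server wraps its JSON so the response body is only a JavaScript comment and the client strips the wrapper before parsing. The `/*-secure-` ... `*/` wrapper, the function names and the sample data are assumptions made for illustration, and `JSON.parse` stands in for eval.

```javascript
// Assumed delimiter: the whole response body becomes one block comment.
const PREFIX = "/*-secure-\n";
const SUFFIX = "\n*/";

// Server side: serialise and wrap.
function wrapSecureJson(value) {
  // Escape "/" as "\/" (valid JSON) so a string containing "*/" cannot
  // close the comment early and leave executable text after it.
  const json = JSON.stringify(value).replace(/\//g, "\\/");
  return PREFIX + json + SUFFIX;
}

// Client side: accept only delimited bodies, strip the wrapper, then parse.
function unwrapSecureJson(body) {
  const trimmed = body.trimEnd();
  if (!trimmed.startsWith(PREFIX) || !trimmed.endsWith(SUFFIX)) {
    throw new Error("response is missing the security delimiter");
  }
  return JSON.parse(trimmed.slice(PREFIX.length, trimmed.length - SUFFIX.length));
}

// What a page gets if the body is executed as a script (the situation a
// cross-site <script src> include creates): its completion value.
function scriptCompletionValue(body) {
  return (0, eval)(body);
}

// Constructed sample data; the subject deliberately contains "*/".
const sample = [{ folder: "INBOX", subject: "end */ marker" }];
const wrapped = wrapSecureJson(sample);

console.log(wrapped);
console.log("as script:", scriptCompletionValue(wrapped));          // comment only
console.log("bare array as script:", scriptCompletionValue("[1,2]")); // live data
console.log("after stripping:", unwrapSecureJson(wrapped));
```
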


