[Tickets #5307] Re: Upgrade Prototype to 1.5.1_rc3 and make use of CSRF protection

bugs at bugs.horde.org
Wed May 2 18:42:53 UTC 2007


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://dev.horde.org/horde/whups/ticket/?id=5307
-----------------------------------------------------------------------
 Ticket             | 5307
 Updated By         | Michael Slusarz <slusarz at horde.org>
 Summary            | Upgrade Prototype to 1.5.1_rc3 and make use of CSRF protection
 Queue              | Horde Base
 Version            | HEAD
 Type               | Enhancement
-State              | Accepted
+State              | Feedback
 Priority           | 2. Medium
 Owners             | 
-----------------------------------------------------------------------


Michael Slusarz <slusarz at horde.org> (2007-05-02 11:42) wrote:

> Horde_Tree at least, and yes Ansel.

But we are not returning JSON code from a script in these instances - we
seem to simply be using JSON as a shorthand to serialize objects in the
JavaScript code we output.  As far as I can tell, this is not the security
issue the commenting is meant to avoid - only the case where we are
directly returning JSON from an open XMLHttpRequest channel.  Or maybe I
am wrong.
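
The commenting discussed in this ticket, sketched for the case of a JSON body returned over XMLHttpRequest. This is an added example, not code from the ticket, Horde or Prototype; the delimiter strings and the function names are assumptions chosen for illustration.

```javascript
// Assumed delimiters (illustrative): the whole response body is one JS comment.
const OPEN = '/*-secure-\n';
const CLOSE = '\n*/';

// Server side: serialize a value and wrap it so that the body, if loaded
// as a script from another page, contains nothing but a comment.
function wrapJson(value) {
  const json = JSON.stringify(value);
  // "*/" can only occur inside a JSON string; "\/" is a valid JSON escape
  // for "/", so this keeps the data intact and the comment unbroken.
  return OPEN + json.replace(/\*\//g, '*\\/') + CLOSE;
}

// Client side: same-origin code reads the body as text through
// XMLHttpRequest, checks and strips the wrapper, then parses the JSON.
function unwrapJson(body) {
  if (!body.startsWith(OPEN) || !body.endsWith(CLOSE)) {
    throw new Error('response is not comment-wrapped JSON');
  }
  return JSON.parse(body.slice(OPEN.length, body.length - CLOSE.length));
}

// What a <script src="..."> inclusion does with a body: evaluate it as a
// program. Indirect eval stands in for that here and returns the value of
// the last statement (undefined when the program is only a comment).
function valueAsScript(body) {
  return (0, eval)(body);
}

// Constructed sample data, including a string that contains "*/".
const sample = [{ id: 1, name: 'a*/b' }];
const bare = JSON.stringify(sample);   // a valid array-literal program
const wrapped = wrapJson(sample);      // a comment and nothing else

console.log(valueAsScript(bare));      // the array: data is exposed as script
console.log(valueAsScript(wrapped));   // undefined: nothing is evaluated
console.log(unwrapJson(wrapped));      // the original data, via the XHR path
```

JSON written inline into a page's own script output is not fetched by URL as a separate response, so this wrapper has nothing to wrap in that case.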
