[Tickets #5307] Re: Upgrade Prototype to 1.5.1_rc3 and make use of CSRF protection
bugs at bugs.horde.org
Wed May 2 18:42:53 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://dev.horde.org/horde/whups/ticket/?id=5307
-----------------------------------------------------------------------
Ticket | 5307
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | Upgrade Prototype to 1.5.1_rc3 and make use of CSRF protection
Queue | Horde Base
Version | HEAD
Type | Enhancement
-State | Accepted
+State | Feedback
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2007-05-02 11:42) wrote:
> Horde_Tree at least, and yes Ansel.
But we are not returning JSON code from a script in these instances - we
seem to simply be using JSON as a shorthand to serialize objects in the
JavaScript code we output. As far as I can tell, this is not the security
issue the commenting is meant to avoid - only the case where we are
directly returning JSON from an open XmlHttpRequest channel. Or maybe I
am wrong.
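
The comment-wrapping this message refers to, as an added example that is not part of the ticket or of Horde's or Prototype's code: a JSON body wrapped in comment delimiters is inert if a browser runs it as a script, while a same-origin client that reads the response text strips the wrapper before parsing. The `/*-secure-` ... `*/` delimiters are assumed as the wrapper format; the function names and sample data are hypothetical and constructed.

```javascript
// Added illustration; function names are hypothetical, sample data is constructed.
const OPEN = '/*-secure-\n';
const CLOSE = '\n*/';

// Server side: wrap a JSON body so that it is only a comment when run as script.
function wrapJSON(value) {
  const json = JSON.stringify(value);
  // A "*/" inside a string value would close the comment early, so the slash
  // is escaped; "\/" is a valid JSON escape and parses back to "/".
  return OPEN + json.replace(/\*\//g, '*\\/') + CLOSE;
}

// Client side: a same-origin XMLHttpRequest can read the response text,
// strip the wrapper and parse what is inside.
function unwrapJSON(text) {
  const m = /^\/\*-secure-([\s\S]*)\*\/\s*$/.exec(text);
  if (!m) throw new Error('response is not comment-wrapped');
  return JSON.parse(m[1]);
}

// Stand-in for a <script src="..."> include: the body is executed as a
// program and its completion value returned. Indirect eval is used only on
// the constructed samples in this example.
function evalAsScript(body) {
  return (0, eval)(body);
}

// Constructed sample response, including a value that contains "*/".
const sample = [{ user: 'alice', note: 'a*/b' }];
const bare = JSON.stringify(sample);
const wrapped = wrapJSON(sample);

// Bare JSON array run as script: a live array literal is evaluated.
const bareResult = evalAsScript(bare);
// Wrapped body run as script: nothing but a comment, so no value at all.
const wrappedResult = evalAsScript(wrapped);
// Wrapped body read as text by the intended client: data is recovered intact.
const recovered = unwrapJSON(wrapped);
```
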