I don't know about that... are there any specifics relating to this,
or is it just FUD? I mean, there's tons of ways to do XSS stuff -
triggering a function call seems hardly worthy of additional
attention.
Plus, if you're in a situation where XSS may be a factor, this is
probably the least of your worries.
--John
On 3/23/07, Luke Lutman <[EMAIL PROTECTED]> wrote:
> I got an email today that one of my plugins might be a cross-site
> scripting/security risk because the plugin uses the Function.call()
> method, like so:
>
> $.fn.plugin = function(elem, options, callback) {
>     callback.call(elem, options);
> };
>
> Has anyone heard of or dealt with this problem? If it is a security
> risk, wouldn't Function.apply also be an issue?
>
> Thanks,
> Luke
>
> _______________________________________________
> jQuery mailing list
> [email protected]
> http://jquery.com/discuss/
>
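
The following is an added example, not part of the original thread or of any jQuery plugin. It mirrors the quoted `callback.call(elem, options)` pattern without jQuery and shows that `call` and `apply` only invoke an existing function object, while a string becomes code only where it is explicitly compiled. The names `invokeCallback`, `demo` and `__marker` and the sample string are hypothetical, constructed for illustration.

```javascript
// Added example: stand-in for the quoted plugin body, without jQuery.
// invokeCallback and the sample inputs are hypothetical names/values.
function invokeCallback(elem, options, callback, useApply) {
  // call/apply only invoke an existing function object; they never parse text.
  if (typeof callback !== "function") {
    return { ran: false, reason: "callback is " + typeof callback };
  }
  const result = useApply
    ? callback.apply(elem, [options])
    : callback.call(elem, options);
  return { ran: true, result };
}

// Constructed input: a string as it might arrive from a query parameter.
const untrusted = "globalThis.__marker = 'executed'";

function demo() {
  const elem = { id: "box" };
  const out = {};

  // 1. A real function runs with `this` bound to elem, via call and apply alike.
  const cb = function (opts) { return this.id + ":" + opts.mode; };
  out.viaCall = invokeCallback(elem, { mode: "a" }, cb, false);
  out.viaApply = invokeCallback(elem, { mode: "b" }, cb, true);

  // 2. A string is rejected by the guard; nothing is evaluated.
  out.stringGuarded = invokeCallback(elem, {}, untrusted, false);

  // 3. Without the guard, the quoted pattern throws instead of evaluating,
  //    because strings have no .call method.
  try {
    untrusted.call(elem, {});
    out.unguarded = "no error";
  } catch (e) {
    out.unguarded = e instanceof TypeError ? "TypeError" : "other";
  }
  out.markerAfterCall = typeof globalThis.__marker;

  // 4. Text only becomes code where it is explicitly compiled; that
  //    conversion is the step to audit, not the .call that follows it.
  const compiled = new Function(untrusted);
  compiled.call(elem);
  out.markerAfterCompile = globalThis.__marker;
  delete globalThis.__marker;
  return out;
}
```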