Chris, Check your gmail. I wrote you with some info.
Justin On Jan 14, 2:43 pm, Rey Bango <r...@reybango.com> wrote: > Hi Chris, > > Thanks for the email. I think the best way to help us is to provide us > with detailed information as to what your security team is having > issues with. XHR in itself is not a security issue but more in the way > that a developer manages the requests/responses. If there are specific > concerns, maybe we can help to address them. > > Rey... > > On Thu, Jan 14, 2010 at 1:13 PM, ChrisM <manni...@gmail.com> wrote: > > Hello, > > > I work on a US Army website and have been using jQuery and UI for some > > time. We have started working on a dynamic hosting environment > > (instead of serving flat html pages) and in the process, ajax > > functions in jQuery 1.3.2 have been flagged as insecure by our DoD > > security team. Although I know that these functions pose no real > > security risk whatsoever, I had no choice but to remove them to get > > jQuery past security scans to a ".mil" server. > > > Now removing some functionality wasn't a problem for me since I am > > pretty familar with jQuery. However, I wanted to suggest that you > > consider hosting a "secure" version of jQuery, without the ajax > > functions currently in 1.3, to assist people newer to jQuery who may > > be working in a locked down environment. > > > Thanks, > > Chris
