http://www.cigital.com/justiceleague/2007/04/02/ajax-insecurity/ The Cigital Software Security and Quality Blog Fri, 15 Jan 2010 15:00:13 +0000 http://wordpress.org/?v=2.9.2 hourly 1 http://www.cigital.com/justiceleague/2007/04/02/ajax-insecurity/comment-page-1/#comment-270 Romain Wed, 11 Apr 2007 17:39:25 +0000 http://www.cigital.com/justiceleague/2007/04/02/ajax-insecurity/#comment-270 I would say that there is no real way to prevent prototype hijacking if you can have a XSS vulnerability in your application. Btw, prototype hijacking is quite okay to prevent, with basically no remote script inclusion, but the worse is coming with JavaScript 2 operator overloading... With that feature people would be able to totally change the meaning of your script. I would say that there is no real way to prevent prototype hijacking if you can have a XSS vulnerability in your application.
Btw, prototype hijacking is quite okay to prevent, with basically no remote script inclusion, but the worse is coming with JavaScript 2 operator overloading… With that feature people would be able to totally change the meaning of your script.

]]>