http://www.cigital.com/justiceleague/2007/04/02/ajax-insecurity/ The Cigital Software Security and Quality Blog Thu, 24 Jul 2008 01:34:16 +0000 http://wordpress.org/?v=2.0.11 http://www.cigital.com/justiceleague/2007/04/02/ajax-insecurity/#comment-270 Wed, 11 Apr 2007 17:39:25 +0000 http://www.cigital.com/justiceleague/2007/04/02/ajax-insecurity/#comment-270 I would say that there is no real way to prevent prototype hijacking if you can have a XSS vulnerability in your application. Btw, prototype hijacking is quite okay to prevent, with basically no remote script inclusion, but the worse is coming with JavaScript 2 operator overloading... With that feature people would be able to totally change the meaning of your script. I would say that there is no real way to prevent prototype hijacking if you can have a XSS vulnerability in your application.
Btw, prototype hijacking is quite okay to prevent, with basically no remote script inclusion, but the worse is coming with JavaScript 2 operator overloading… With that feature people would be able to totally change the meaning of your script.

]]>