Subverting Ajax
Written by on January 8th, 2007 in Ajax News.
A lot of hubbub has been created over a presentation at the CCC conference called Subverting Ajax.
The FUD has been interesting to watch. Early in the article they discuss how JavaScript is a prototype-based system which is a ‘flaw’ as people can do things like:
    XMLHttpRequest.prototype.send = function (pay) {
        // Hijacked .send
        sniff("Hijacked: "+" "+pay);
        pay=HijackRequest(pay);
        return this.xml.send(pay);
    }
The article does a good job of explaining some of the dangers, but that doesn't mean that all Ajax is bad. SQL injections are bad too, but if you do a few smart things you can make sure that there is no surface for them.
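One such measure against the prototype overwrite shown above, as an added example (not code from the presentation or from Ajaxian): snapshot and lock `send` before any other script runs, then compare against the snapshot later. `FakeXHR`, `lockMethods` and `findTampered` are hypothetical names, and `FakeXHR` is a constructed stand-in for the browser's `XMLHttpRequest` so the block runs under Node.

```javascript
// Stand-in for the browser's XMLHttpRequest so the block runs under Node
// (constructed for this example; in a page, pass XMLHttpRequest.prototype).
function FakeXHR() { this.sent = []; }
FakeXHR.prototype.send = function (body) { this.sent.push(body); return 'native'; };

// Snapshot the named methods, then make them non-writable and non-configurable
// so a later plain assignment cannot replace them.
function lockMethods(proto, names) {
  const snapshot = {};
  for (const name of names) {
    snapshot[name] = proto[name];
    Object.defineProperty(proto, name, {
      value: proto[name], writable: false, configurable: false, enumerable: false,
    });
  }
  return snapshot;
}

// List methods that no longer match the snapshot, either replaced on the
// prototype or shadowed by an own property on one instance.
function findTampered(target, proto, snapshot) {
  return Object.keys(snapshot).filter((name) =>
    proto[name] !== snapshot[name] ||
    Object.prototype.hasOwnProperty.call(target, name));
}

function demo() {
  const replacement = function () { return 'replaced'; };

  // Unprotected prototype: the overwrite succeeds; the comparison reports it.
  function Plain() {}
  Plain.prototype.send = function () { return 'native'; };
  const plainSnap = { send: Plain.prototype.send };
  Plain.prototype.send = replacement;
  const detected = findTampered(new Plain(), Plain.prototype, plainSnap);

  // Locked prototype: the assignment throws in strict mode and is ignored otherwise.
  const snap = lockMethods(FakeXHR.prototype, ['send']);
  try { FakeXHR.prototype.send = replacement; } catch (e) { /* TypeError */ }
  const blocked = FakeXHR.prototype.send === snap.send;

  // Locking the prototype does not stop defineProperty on a single instance,
  // so the own-property check still matters.
  const xhr = new FakeXHR();
  const shadowed = new FakeXHR();
  Object.defineProperty(shadowed, 'send', { value: replacement });
  return { detected, blocked, result: xhr.send('a=1'),
           clean: findTampered(xhr, FakeXHR.prototype, snap),
           shadow: findTampered(shadowed, FakeXHR.prototype, snap) };
}
```

The lock only helps if it runs before any untrusted script, and it does nothing about how that script reached the page in the first place.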
What are your thoughts?
Source: Ajaxian
Original Article: http://ajaxian.com/archives/subverting-ajax