I thought it worth to post this article on the newsgroup.
http://www.cbronline.com/article_news.asp?guid=484BC88B-630F-4E74-94E9-8D89DD0E6606
The article exposes recent finding of possible "javaScript" attacks that taps into the lack of "same origin policy" found in transports like JSON.
Will and Can Telerik help make their controls less vulnerable to these attacks.
(A note: After I have written this post I realized that tehre is already a thread about this: http://www.telerik.com/community/forums/thread/b311D-ttage.aspx)
Apologies if this post is in the wrong group.
Pascal
http://www.cbronline.com/article_news.asp?guid=484BC88B-630F-4E74-94E9-8D89DD0E6606
The article exposes recent finding of possible "javaScript" attacks that taps into the lack of "same origin policy" found in transports like JSON.
Will and Can Telerik help make their controls less vulnerable to these attacks.
(A note: After I have written this post I realized that tehre is already a thread about this: http://www.telerik.com/community/forums/thread/b311D-ttage.aspx)
Apologies if this post is in the wrong group.
Pascal
1 Answer, 1 is accepted
0
Mike
Top achievements
Rank 1
Rank 1
answered on 05 Apr 2007, 03:21 AM
I do not believe that combobox and treeview are affected, since they essentially call an event (ItemsRequested and NodeExpand respectively) in the same page they are located, so if this very page is under Forms Authentication, directly requesting it with GET parameters will fail and a login page will be shown instead.