Thanks for the links. Jeremiah Grossman's book on XSS attacks is almost ready to hit the shelves. Hope RSnake does one too ... speaking of books.. how's the Ext book going? J/K
I hope rezn doesn't mind me quoting him here, but his post on the sla.ckers.org forum is... so true.
I just poked around myself here: [extjs.com] and I have to admit that the examples are really, really nice. And it makes me happy that you all think forcing users to disable JS is a ridiculous idea, 'cause having it around sure makes hacking more fun.
Extjs is loved by all, whatever the reason
Last edited by potdarko; 30 Apr 2007 at 6:44 PM.
Reason: fixed my cat's CRs
Miguel Benevides miguel.benevides@webidente.com my del.icio.us
"I hope that when the world comes to an end, I can breathe a sigh of relief, because there will be so much to look forward to."
The server-side scripts provided are offered as a convenience, not as an indicator of how things should be done server-side.
Jeff Howden
Ext JS - Support Team Volunteer jeff@extjs.com
Any and all code samples that are authored by me and posted on the Ext forums or website are hereby released into the public domain and I release anyone or entity of liability by using said code samples unless explicitly stated otherwise.
Opinions are mine and not necessarily endorsed by Ext, LLC. Please do not contact me directly for assistance unless requested by me.
You can now use the public proxy provided by Google here: http://code.google.com/apis/ajaxfeeds/. They say "The AJAX Feed API lets you download any public Atom or RSS feed using only JavaScript, so you can easily mash up feeds with your content and other APIs."
You can do cross-site as much as you want without anything else but Ext.data.ScriptTagProxy.
Google is safer though, because as a developer you're saying (to the app you wrote and deployed to the client's browser): "hey, get my data from my server and my 3rd-party data from the Google server". As a developer, you're a) protecting your server infrastructure from being exploited and b) protecting your user by not having to send them to 3rd-party sites.