
jQuery FTW!


Fustrate:
jQuery doesn't give an attacker access to anything more than plain JavaScript does. It's that simple. There is no added security risk from jQuery, and there never will be.


--- Quote from: AngelinaBelle on March 02, 2012, 01:22:32 PM ---I think the issue is that jQuery gives you tools that, if you are not careful, you can really open yourself up to XSS attacks
--- End quote ---
And PHP is worse in that respect if you're not careful with your code, but we still use it. You just have to know how to avoid making those mistakes.

Angelina Belle:
I agree, Fustrate. It's not jQuery itself that's the danger, directly. It's the cool things jQuery tempts you to do that you have to watch out for. The devil is in the details.

butchs:
The biggest risk of jQuery is its popularity. The exploit effort always increases with popularity.

There are many plugins for jQuery. Some of them are well written and others may not be or are not as complete as they could be... Good people tend to trust plugins, whereas bad people like to exploit them. Maybe we should have SMF approved plugins.

That being said, I do not mind jQuery being added to SMF but I do hesitate with SMF depending on jQuery as its core to function. I like to see the heart of the JS for SMF being provided by SMF.

GravuTrad:
Exactly.

Joker™:

--- Quote from: butchs on March 03, 2012, 06:54:31 AM ---The biggest risk of jQuery is its popularity. The exploit effort always increases with popularity.

--- End quote ---

As far as my knowledge goes for this subject, you just need to apply your utmost attention to the happenings of the DOM to control the behavior of JS/jQuery.

Moreover, whenever server or permissions sorts of things come into play, I always tend to go for server-side languages. Languages like JS are best for front end/client side.
