Simple Machines Blogs > Developers' Blog

jQuery FTW!

<< < (5/8) > >>

emanuele:
So we have to keep a very low profile with SMF in a way that it doesn't become popular enough to be exploited?...

* emanuele likes generalizations. :P

AngelinaBelle:

--- Quote from: Jokerâ„¢ on March 04, 2012, 07:51:28 AM ---Moreover whenever server or permissions sort of things comes into play I always tend to go for server side languages. Languages like JS are best for front end/client side.

--- End quote ---
Yes. The danger exists when such information is passed to the client side -- like the memberlist, when it is made available for auto-match when you are sending a PM.

The gmail exploit happened because the server passed contact information information to the client-side javascript, so it is available to the user sending email, which is the purpose of gmail. And a piece of javascript malware running in the same browser session could request the contact information in the same way that the legitimate client-side script ordinarily did. And then use that information to send spam to an entire gmail contact list.

The danger in this case is in passing confidential information to the client-side script.

Eudemon:
indeed, jquery is a nice product, been using it for a while

karlbenson:
Don't re-invent the wheel

Captcha
Editor
Javascript Frameworks

all three things that despite the quality of talent around here, you won't match the FOSS alternatives.

Antechinus:
Yup. It's the sensible option, and can be used safely. Lots of sites already use it safely, so there's no reason why SMF cannot.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version