[development] replace drupal.js with prototype.js?
Khalid B
kb at 2bits.com
Tue Nov 15 14:37:10 UTC 2005
> Are we risking the possibility of running into problems like we did with
> the third-party xmlrpc library we used? I know this isn't PHP code, so
> there shouldn't be any exploits, but are there other issues we should keep
> in mind?
This is what I was thinking too when I first read this thread.
More specifically, we may have XSS vulnerabilities by third party
javascript libraries.
Don't get me wrong: this is not NIH (Not Invented Here), and I support
taking the best tools from whereever they are.
All I am saying is that it needs to be audited for such possibilities.
We learned the hard way with xmlrpc.
More information about the development
mailing list