15 Nov
2005
15 Nov
'05
3:37 p.m.
Are we risking the possibility of running into problems like we did with the third-party xmlrpc library we used? I know this isn't PHP code, so there shouldn't be any exploits, but are there other issues we should keep in mind?
This is what I was thinking too when I first read this thread. More specifically, we may have XSS vulnerabilities by third party javascript libraries. Don't get me wrong: this is not NIH (Not Invented Here), and I support taking the best tools from whereever they are. All I am saying is that it needs to be audited for such possibilities. We learned the hard way with xmlrpc.