[development] replace drupal.js with prototype.js?

Khalid B kb at 2bits.com
Tue Nov 15 14:37:10 UTC 2005

> Are we risking the possibility of running into problems like we did with
> the third-party xmlrpc library we used?  I know this isn't PHP code, so
> there shouldn't be any exploits, but are there other issues we should keep
> in mind?

This is what I was thinking too when I first read this thread.

More specifically, we may have XSS vulnerabilities by third party
javascript libraries.

Don't get me wrong: this is not NIH (Not Invented Here), and I support
taking the best tools from whereever they are.

All I am saying is that it needs to be audited for such possibilities.
We learned the hard way with xmlrpc.

More information about the development mailing list