[development] jQuery 1.2 is released
davidn at cgraphics.com
Fri Sep 14 12:50:00 UTC 2007
This is kind of sounding similar to the government deciding what's
best for the people rather than the other way around. I agree it
shouldn't automatically (read "by default"), but what about an option
to turn on with a big, red warning label?
How about a page from Microsoft's OSs: "Download updates
automatically, ask permission before installing".
On Sep 14, 2007, at 8:32 AM, Jeff Eaton wrote:
> This is very true. The concern that sparked this discussion
> *remote server* and automatically including them in Drupal's output
> to end-users. Compromising remote servers in that scenario (as
> happened with Wordpress) could easily result in jillions of Drupal
> sites auto-downloading a compromised version of a js file and
> 'reflecting' it out to all of their users.
> On Sep 14, 2007, at 7:25 AM, Frando wrote:
>> site by
>> included in every request, he needs a major security hole in the
>> site (one
>> that allows him to save random files at random paths). Given that
>> hole, he most likely has already other ways to add random, malicious
>> with no
>> title and text to each page which then includes the malicious
>> also lives
>> executed by
>> most modern browsers.).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2450 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20070914/589eca32/attachment-0001.bin
More information about the development