2

After reading "JSONP callback doesn't execute when running at localhost" and googling a lot, I am still unclear if there is a potential XSS security threat.

Is this "hole" covered in popular browsers nowadays?

(notice the dot in the URI)

jldupont

1 Answer

0

Yes, it is a potential security flaw; just be smart with your coding to check for XSS... I'm not sure, but I think Firefox 4 blocks this hole...

Joshua Smickus