[Noisebridge-discuss] Assignment for tomorrow's web dev lab!

Jeffrey Carl Faden jeffreyatw at gmail.com
Thu Feb 16 10:59:34 PST 2012


Are you suggesting that an outgoing HTTP GET request can be hijacked and
the information that's returned could be script other than jQuery? I'd be
interested in understanding more how that works, and how requesting
resources over HTTPS prevents that.

Jeffrey

On Wed, Feb 15, 2012 at 11:33 PM, Seth David Schoen <schoen at loyalty.org> wrote:

> Jeffrey Carl Faden writes:
>
> > Hey dudes,
> >
> > First Frontend Web Development lab meets tomorrow, Thursday at 8pm.
> >
> > If you want to get a head start on the assignment or just think it over,
> I've uploaded it here:
> > http://jeffreyatw.com/static/frontend/class12/assignment.html
>
> Can you please have your students load jQuery from
>
> https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
>
> rather than your existing suggestion of
>
> http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
>
> and correspondingly for jQuery Validation?  In the existing case a network
> attacker can completely pwn their web applications, _even if they're loaded
> from localhost or from local HTML instead of from any web server_.
>
> --
> Seth David Schoen <schoen at loyalty.org>      |  No haiku patents
>     http://www.loyalty.org/~schoen/        |  means I've no incentive to
>  FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150  |        -- Don Marti
>
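
An added example, not part of either message in this thread: a small Node.js check that flags `<script>` and `<link>` tags fetching over plain `http://`, the pattern the quoted message asks to change, and rewrites them to `https://`. The sample page and the function names are constructed for illustration.

```javascript
// Constructed sample page: one insecure script include, one secure one,
// one insecure stylesheet, one local script, and an ordinary hyperlink.
const SAMPLE_HTML = `<!DOCTYPE html>
<html><head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
<link rel="stylesheet" href="HTTP://example.com/style.css">
<script src="validate-local.js"></script>
</head><body><a href="http://example.com/">plain link, not a subresource</a></body></html>`;

// Only <script src> and <link href> are matched: their content is fetched
// automatically and runs in (or restyles) the including page, whatever
// origin that page came from (web server, localhost, or a local file).
const SUBRESOURCE =
  /<(script|link)\b[^>]*?\s(src|href)\s*=\s*(["']?)(http:\/\/[^"'\s>]+)\3/gi;

// Return one finding per plain-HTTP subresource, with its 1-based line number.
function findInsecureSubresources(html) {
  const findings = [];
  for (const m of html.matchAll(SUBRESOURCE)) {
    const line = html.slice(0, m.index).split("\n").length;
    findings.push({ line, tag: m[1].toLowerCase(), url: m[4] });
  }
  return findings;
}

// Rewrite each flagged URL to https://, leaving everything else untouched.
function upgradeToHttps(html) {
  return html.replace(SUBRESOURCE, (whole, tag, attr, quote, url) =>
    whole.slice(0, whole.length - url.length - quote.length) +
    "https://" + url.slice("http://".length) + quote);
}

for (const f of findInsecureSubresources(SAMPLE_HTML)) {
  console.log(`line ${f.line}: <${f.tag}> loads ${f.url} without TLS`);
}
```

The rewrite assumes the host serves the same file over HTTPS, as the two jQuery URLs quoted above indicate for ajax.googleapis.com.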