Software and web application security

April 4, 2007

Fortify JavaScript Hijacking Vulnerability Detected

Filed under: web, web apps — chrisweber @ 2:47 pm

Rather scary issue regarding’s ability to rewrite JavaScript constructs such as the fundamental Object. This means that can change the AJAX/JSON behavior of scripts run through

ScottGu from Microsoft responds, explaining why ASP.NET AJAX is not so vulnerable to this issue. It doesn’t look like the best solution (basically, the server requires the HTTP request header Content-Type: application/json, or it ignores the request).
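The server-side check described above, sketched as an added example (this is not ASP.NET AJAX code and not from the original post). The function names, the 415 status used to refuse a request, and the sample payload are assumptions made for illustration.

```javascript
// Added example: gate a JSON endpoint on the request's Content-Type header.
// All names here are hypothetical; the 415 response is an assumed way to refuse.

// Return the bare media type of a Content-Type header value, lowercased,
// with parameters such as "; charset=utf-8" removed. Null if absent or empty.
function mediaType(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const type = headerValue.split(';')[0].trim().toLowerCase();
  return type === '' ? null : type;
}

// Decide what to send back for a request to the JSON endpoint.
// A <script src="..."> include is sent without a page-chosen Content-Type
// header, so it lands in the refusal branch and never receives the JSON body.
function decide(headers) {
  if (mediaType(headers['content-type']) !== 'application/json') {
    return { status: 415, type: 'text/plain',
             body: 'Content-Type: application/json required\n' };
  }
  // Constructed sample payload.
  const payload = { contacts: [{ name: 'Sample User', email: 'user@example.test' }] };
  return { status: 200, type: 'application/json', body: JSON.stringify(payload) };
}

// Handler with the (req, res) shape used by Node's http.createServer.
// Node lowercases incoming header names, so the lookup in decide() matches.
function handler(req, res) {
  const out = decide(req.headers);
  res.writeHead(out.status, { 'Content-Type': out.type });
  res.end(out.body);
}

// Constructed requests: the first mimics a script include, the rest XHR calls.
const samples = [
  {},
  { 'content-type': 'text/plain' },
  { 'content-type': 'application/json' },
  { 'content-type': 'Application/JSON; charset=utf-8' },
];
for (const h of samples) {
  console.log(JSON.stringify(h), '->', decide(h).status);
}
```

The gate compares the parsed media type rather than the raw header string, so a legitimate client that appends a charset parameter is still served.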

