Open DinisCruz opened 10 years ago
While this is important, I don't see this as a priority as a successful attack would be against an administrator, not the user, which limits the scope. I would suggest moving to 3.6, but will leave this here as a P4 for now.
Moving to 4.0
See these posts for more details on this issue:
http://haacked.com/archive/2009/06/25/json-hijacking.aspx/
One example of a page that returns a JSON object is /rest/tbot/json/Json_UserTags
references:
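The issue above concerns JSON hijacking of endpoints that return a bare JSON array (such as the `/rest/tbot/json/Json_UserTags` example). The following is an added illustration, not code from this issue or from the project's code base, showing a simple check for a hijackable response body and the usual server/client mitigation (wrapping arrays in an object and prefixing the body with an unparseable sequence); the function names `isHijackableJson`, `protectJsonBody` and `parseProtectedJson` and the sample tag data are assumptions made for the example.

```javascript
// Added example: JSON hijacking check and mitigation (not the project's own code).
// Assumed helper names: isHijackableJson, protectJsonBody, parseProtectedJson.
const XSSI_PREFIX = ")]}',\n"; // deliberately invalid JavaScript, aborts a <script> include

// A JSON text can be executed via <script src="..."> only when it is a valid
// JavaScript expression statement. A top-level array literal is one; a
// top-level object literal is parsed as a block and fails, so it cannot be
// captured by a cross-site page. This is a simple heuristic for reviewing
// response bodies, not a full parser.
function isHijackableJson(body) {
  return body.trimStart().startsWith("[");
}

// Server side: never emit a bare array (wrap it in an object, here under "d",
// as ASP.NET AJAX did) and prefix the body so it cannot be evaluated as a
// script at all. Same-origin XHR callers strip the prefix before parsing.
function protectJsonBody(value) {
  const wrapped = Array.isArray(value) ? { d: value } : value;
  return XSSI_PREFIX + JSON.stringify(wrapped);
}

// Client side: strip the prefix if present, then parse normally.
function parseProtectedJson(body) {
  const text = body.startsWith(XSSI_PREFIX) ? body.slice(XSSI_PREFIX.length) : body;
  return JSON.parse(text);
}

// Constructed sample resembling what a user-tags endpoint might return.
const sampleTags = [{ user: "alice", tag: "admin" }, { user: "bob", tag: "reader" }];
const naiveBody = JSON.stringify(sampleTags);     // bare array: hijackable
const protectedBody = protectJsonBody(sampleTags); // prefixed object: not hijackable
```

The naive body starts with `[` and is flagged; the protected body is neither a bare array nor valid JavaScript, yet a client that strips the prefix recovers the same data.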