I got an email today that one of my plugins might be a cross-site scripting/security risk because the plugin uses the Function.call() method, like so:
$.fn.plugin = function(elem, options, callback) {
callback.call(elem, options);
};
Has anyone heard of or dealt with this problem? If it is a security
risk, wouldn't Function.apply also be an issue?
Thanks,
Luke
_______________________________________________
jQuery mailing list
[email protected]
http://jquery.com/discuss/
