Might "Prototype Hijacking" Subvert AJAX?

Does JavaScript, which was never intended to do anything resembling what it does within the approach now called AJAX, have a fundamental design flaw? That's the question being asked by Stefano Di Paola and Giorgio Fedon. Using a new technique called "Prototype Hijacking," Di Paola and Fedon claim to have shown that asynchronous requests originating from any browser can be sniffed and manipulated in real time, in a way that is transparent and independent of the framework used.

Their paper, "Subverting AJAX," was written for the 23rd Chaos Communication Conference, which took place at the Berliner Congress Center from 27-30 December, 2006.

Might "Prototype Hijacking" Subvert AJAX? @ LINUX.SYS-CON.COM

Linked by shanmuga Tuesday, 9th January 2007 9:52PM