<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Almost every "sink" in jQuery is dangerous. </div><div><br></div><div>The safe ones include:</div><div><br></div><div><a href="http://api.jquery.com/text/">http://api.jquery.com/text/</a></div><div>and</div><div><a href="http://api.jquery.com/val/">http://api.jquery.com/val/</a></div><div><br></div><div>Aloha,<br><div>--</div><div>Jim Manico</div><div><div apple-content-edited="true" class=""><div class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div class=""><span style="background-color: rgba(255, 255, 255, 0);">Global Board Member</span></div><span style="background-color: rgba(255, 255, 255, 0);">OWASP Foundation</span><div class=""><a href="https://www.owasp.org/" class="" style="background-color: rgba(255, 255, 255, 0);"><font color="#000000">https://www.owasp.org</font></a></div></div></div><div class=""><span style="background-color: rgba(255, 255, 255, 0);">Join me at <a href="http://appsecusa.org/" target="_blank" class="">AppSecUSA</a> 2015!</span></div></div></div><div><br>On Jun 28, 2015, at 8:47 AM, Tim &lt;<a href="mailto:tim.morgan@owasp.org">tim.morgan@owasp.org</a>&gt; wrote:<br><br></div><blockquote type="cite"><div><span></span><br><span>On Sun, Jun 28, 2015 at 10:29:56AM -0400, johanna curiel curiel wrote:</span><br><blockquote type="cite"><span>Dinis</span><br></blockquote><blockquote type="cite"><span>What about jQuery? 
Many people are still using it today; I know a banking app</span><br></blockquote><blockquote type="cite"><span>using it.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><span></span><br><span>I get the impression that jQuery has a lot of sinks that would trip up</span><br><span>the typical UI developer:</span><br><span>  <a href="https://code.google.com/p/domxsswiki/wiki/jQuery">https://code.google.com/p/domxsswiki/wiki/jQuery</a></span><br><span></span><br><span>tim</span><br><span></span><br><span>_______________________________________________</span><br><span>OWASP-Leaders mailing list</span><br><span><a href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a></span><br><span><a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></span><br></div></blockquote></body></html>