Submission + - JavaScript Hijacking
bvc writes: "There's a new kind of vulnerability in town: JavaScript Hijacking allows attackers to steal confidential data from vulnerable Ajax-style webapps. The details involve the fact that Web browsers don't protect JavaScript the same way they protect plain-ol' HTML, but the bigger picture is that open Web standards haven't kept up with the cutting edge, and eventually all of the hacks and kludges came tumbling down. Can open standards catch up, or does the future belong to proprietary standards like Adobe's Flash/Flex/ActionScript?"