Prototype 1.6.0.2: Security, performance improvement release

Sam Stephenson released Prototype 1.6.0.2 to address several compatibility and performance issues and to protect against a potential security issue for developers using Prototype outside of a web browser environment.

Prototype 1.6.0.2 is a backwards-compatible, drop-in replacement recommended for all 1.6.0 users. We’ve fixed 28 bugs and made over a dozen improvements to the code base, including performance improvements for CSS selectors in Safari 3 and for the Element#up/#down/#next/#previous and Event#findElement methods in all browsers. We’re also now officially supporting the Opera browser, version 9.25 and higher. You can get the full scoop on all the changes in the [1.6.0.2 Changelog].

Among the numerous bug fixes is a change to the way Ajax.Request handles automatic JavaScript response evaluation. Previous versions of Prototype relied on the browser’s XMLHttpRequest same-origin policy to ensure that response bodies with a content type of text/javascript were safe to evaluate. Alexey Feldgendler from Opera kindly alerted us to the possibility that certain non-browser environments (like Opera’s widget system) do not enforce the same-origin policy and as such may be subject to cross-domain script exploits. To combat this, we’ve added an Ajax.Request#isSameOrigin method which returns true when a request is being made to the same domain, port, and protocol as the document. Furthermore, Prototype will no longer automatically evaluate JavaScript response bodies when this method returns false.
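The check described above can be sketched as follows. This is an added example, not Prototype's source: `isSameOrigin` here is a standalone function, `originTriple` and `shouldAutoEval` are hypothetical helpers, and the document URL is passed in explicitly (an assumption) so the code also runs in environments that have no `window.location`.

```javascript
// Added example: names and structure are illustrative, not Prototype's code.

// Reduce a parsed URL to the three parts the release note names:
// protocol, domain and port. The WHATWG URL parser lowercases the host
// and blanks the default port, so http://a.example:80 equals http://a.example.
function originTriple(url) {
  return [url.protocol, url.hostname, url.port].join('|');
}

// True only when requestUrl resolves to the same protocol, host and port
// as documentUrl. Relative and protocol-relative URLs are resolved against
// the document first; anything unparseable fails closed.
function isSameOrigin(requestUrl, documentUrl) {
  try {
    const doc = new URL(documentUrl);
    const req = new URL(requestUrl, doc);
    return originTriple(req) === originTriple(doc);
  } catch (e) {
    return false;
  }
}

// Gate for automatic evaluation: the body must be declared text/javascript
// (the content type the release note mentions) AND come from the same origin.
function shouldAutoEval(contentType, requestUrl, documentUrl) {
  const mediaType = String(contentType || '').split(';')[0].trim().toLowerCase();
  return mediaType === 'text/javascript' && isSameOrigin(requestUrl, documentUrl);
}
```

Comparing the three parts explicitly, rather than comparing `URL.origin` strings, matters outside the browser: for non-HTTP schemes `origin` serializes to the string `"null"`, so two unrelated URLs would compare equal.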
