Today we’re releasing Prototype 1.6.0.2 to address several compatibility and performance issues and to protect against a potential security issue for developers using Prototype outside of a web browser environment.

Prototype 1.6.0.2 is a backwards-compatible, drop-in replacement recommended for all 1.6.0 users. We’ve fixed 28 bugs and made over a dozen improvements to the code base, including performance improvements for CSS selectors in Safari 3 and for the Element#up/#down/#next/#previous and Event#findElement methods in all browsers. We’re also now officially supporting the Opera browser, version 9.25 and higher. You can get the full scoop on all the changes in the 1.6.0.2 CHANGELOG.

Among the numerous bug fixes is a change to the way Ajax.Request handles automatic JavaScript response evaluation. Previous versions of Prototype relied on the browser’s XMLHttpRequest same-origin policy to ensure that response bodies with a content type of text/javascript were safe to evaluate. Alexey Feldgendler from Opera kindly alerted us to the possibility that certain non-browser environments (like Opera’s widget system) do not enforce the same-origin policy and as such may be subject to cross-domain script exploits. To combat this we’ve added an Ajax.Request#isSameOrigin method which returns true when a request is being made to the same domain, port, and protocol as the document. Furthermore, Prototype will no longer automatically evaulate JavaScript response bodies when this method returns false.

We’ve also backported the aforementioned security fix for those of you still using Prototype 1.5. Prototype 1.5.1.2 is a backwards-compatible, drop-in replacement recommended for all 1.5.1 and 1.5.1.1 users.

Download, report bugs, and get help

As always, thanks to the core team and the many users who contributed bug reports and well-tested patches for this release.

Comments

  1. protofreak #

    Form.serialize() still doesn’t recognize multiple submit buttons, it recognizes only the first submit-button.

    thx for reading

    ps. in either case prototype.js is a wonderfull framwork.

    January 26th, 2008 @ 05:49 AM
  2. random coder #

    Nice work, -28 bugs :) BTW bought the Bungee book… Very good reading indeed, recommended to everyone even remotely connected to Prototype. Peace!

    January 27th, 2008 @ 09:18 AM
  3. Jerome Lapointe #

    Good job! Trying it out. Is it me or did it actually go down in size a little?

    January 28th, 2008 @ 10:36 AM
  4. justin #

    Should we expect an updated scriptaculous in the near future as well?

    January 28th, 2008 @ 04:43 PM
  5. alveo #

    Thanks for this great work !

    Sebastian

    January 28th, 2008 @ 06:44 PM
  6. slice #

    Great project. Dates on your archives on the download page are swapped about.

    January 29th, 2008 @ 04:16 AM
  7. Nathan Youngman #

    Concerning the backport of Prototype 1.5.1.2, is script.aculo.us 1.7.3 beta 3 the only version that will work with it?

    January 29th, 2008 @ 04:36 PM
  8. Vince #

    Thanks for your work, I appreciate the official support for Opera 9! ^^

    January 31st, 2008 @ 03:14 PM
  9. lordfrikk #

    Thanks especially for Opera support (finally, yay!)... Whole Internet seems to neglect Opera, like Google O_O

    February 2nd, 2008 @ 09:47 AM
  10. Scott Godin #

    “We’re also now officially supporting the Opera browser, version 9.25 and higher.”

    three words : about. damn. time. :)

    Opera’s a teriffic browser that deserves far more recognition and support than it’s been getting, and this is a great step in that direction.

    February 4th, 2008 @ 08:11 AM
  11. Flame #

    Best framwork ever. But can’t you guys make some costum frameworks? Like only ajax functions ecc. It is not cool having 100KBs of js where I only use 2KB of it’s code xD

    Anyways I have compressed the packet and now it’s only 18KB. But..

    February 8th, 2008 @ 04:48 AM
  12. sftco #

    cool thanks for supporting opera browser

    February 16th, 2008 @ 07:39 AM
  13. atc #

    Best framework ever I have seen, thanks to every one who have done a great job for Web world http://www.w3answers.com

    February 19th, 2008 @ 07:32 AM
  14. Mike van Lammeren #

    Many thanks for an excellent javascript library. I have been developing web applications for 7 years, and there is nothing out there as neat, perfect and cool as Prototype.

    February 20th, 2008 @ 09:38 AM
  15. hwang #

    i have a problem in method readAttribute

    that’s not work in IE 7.

    please help me.

    February 23rd, 2008 @ 08:19 PM
  16. Tobie Langel #

    Hi Hwang,

    For assistance requests, please use our mailing list... and if you found a bug, please file a bug report. Thanks.

    February 24th, 2008 @ 01:50 AM

Sorry, comments are closed for this article.

Search Blog


Search the prototype blog.

Subscribe to the blog

Categories

Akismet badge