How Google Wave cannot be XSS injected by a widget

Posted by Axel on Stack Overflow See other posts from Stack Overflow or by Axel
Published on 2010-03-31T20:48:29Z Indexed on 2010/03/31 20:53 UTC
Read the original article Hit count: 560

Filed under:
|
|

Hello,

If you've used google wave you probabely seen that you can insert widgets that are made by third parties without approval. the Question is : How this widgets can't inject XSS or steal the cookies, Are the widgets loaded in an <iframe> ? if yes, then how they can't redirect google wave to another page?

Thanks

© Stack Overflow or respective owner

Related posts about xss

Related posts about html