How Google Wave cannot be XSS injected by a widget
Posted
by Axel
on Stack Overflow
See other posts from Stack Overflow
or by Axel
Published on 2010-03-31T20:48:29Z
Indexed on
2010/03/31
20:53 UTC
Read the original article
Hit count: 560
Hello,
If you've used google wave you probabely seen that you can insert widgets that are made by third parties without approval. the Question is : How this widgets can't inject XSS or steal the cookies, Are the widgets loaded in an <iframe>
? if yes, then how they can't redirect google wave to another page?
Thanks
© Stack Overflow or respective owner