Archive for August 17th, 2007

Today RSnake revealed a cross site scripting vulnerability affecting Google Gadgets in the domain.
This XSS hole allows anybody to store his/her own web content, including JavaScript code, anywhere and to have it rendered and executed in the context of the domain, with no further validation of sort.
RSnake responsibly reported his finding to Google before resorting to public disclosure, but the G guys answered that this behavior is "by design" and won't be fixed.

What does it mean?

Bad Behavior has blocked 927 access attempts in the last 7 days.