Google Blogoscoped

Wednesday, April 19, 2006

Google HTML Injection

Google had an HTML injection bug... it’s now fixed. Before, you could access this URL and see a JavaScript alert (one you injected into the page, which can be abused for XSS, cross-site scripting). This security hole, as discussed on SecurityFocus, has been closed, possibly due to pointers sent to security@google.com. HTML injections are very common on many websites, but I was surprised to see this at Google.com.

Google HTML Injection by Philipp Lenssen | Comments (1)

>> More posts

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement (advertise here?) Find the right keywords for your campaigns at KeywordDiscovery.com Google Apps Hacks (book)
Advertise here?

 

This site unofficially covers Google™ and more with some rights reserved. You can subscribe to the feed, email your tips and join our forum!