Code snippets, quotes, BASH scripts and nonsense. Not surprisingly, my main site is called Johann Burkard, too. Check out my web applications: WMA to MP3 converter, QR Code Generator, Pearson Correlation calculator, PDF to TIFF converter and Forex Data Feed. Also, check out Ole’s Tauschbörse Arbeit.
Page 1 · Page 2 · Page 3 · Page 4 · Page 5 · Page 6 · Page 7 · Page 8 · Page 9 · Page 10
Oct 28 2010
Google’s jsapi unintentionally discloses private data.
The URL of the page that requests the script will end up in the google.loader.OriginalAppPath property.
Because the file is cacheable for one hour, any other site that the visitor visits within one hour can access the URL of the site that initially loaded the file.
Google has been informed about this on 08 Oct 2010 14:55:25 +0200 but so far has failed to resolve this problem.
Example: Go to http://blog.dantup.com and visit view-source:http://www.google.com/jsapi.
Page 1 · Page 2 · Page 3 · Page 4 · Page 5 · Page 6 · Page 7 · Page 8 · Page 9 · Page 10
