So my friends and I got into a debate about OpenSocial -- he says that they will need to create some sort of LHTML like FBML, otherwise OpenSocial will let all OpenSocial sites be like MySpace (you can mess with all the HTML). I didn't think it was true because there must be some other way of limiting how much they can do with the HTML. I don't really know, so can someone explain to me if he's right?
Gadgets are opened in an IFrame (at least they are on Orkut) – dodgy but at least it stops the MySpace effect. This has to be done, not really because of the HTML (that could be parsed through a parser first, for example) but the real issue is the JavaScript (XSS).
Oh, and I call them Gadgets, not Apps, because they use the Google Gadget API which is used on iGoogle (except you can't use html-inline because of the MySpace effect).
I think the gadgets will still be iframed, even on Orkut, unless they are from Google.
How will they protect against malicious scripts?