Google Blogoscoped

Wednesday, April 19, 2006

Google HTML Injection

Google had an HTML injection bug... it’s now fixed. Before, you could access this URL and see a JavaScript alert (one you injected into the page, which can be abused for XSS, cross-site scripting). This security hole, as discussed on SecurityFocus, has been closed, possibly due to pointers sent to HTML injections are very common on many websites, but I was surprised to see this at


Blog  |  Forum     more >> Archive | Feed | Google's blogs | About


This site unofficially covers Google™ and more with some rights reserved. Join our forum!