if the JavaScript is located on your own web server, won't it be possible to change the script once people have it on their Google/ig page? will this also mean the ability for people to code pop-up pages on google's own pages, URL re-directs, div pop-ups with ads, or maybe more malicious scripts? |
The potentially dangerous modules (basically all of them at this point) are run in iframes |
When i say all of them i mean all the ones that are going to be created. Google's own ones run inline. its all in the documentation |
Obvious shot at Yahoo! Widgets. |
Interesting. They're using a Gmodules.com domain in those Iframes, I suppose to prevent cross-site scripting from malicious widgets. The domain's robots.txt disallows any kind of spidering, too. http://www.gmodules.com/robots.txt
The API is incredibly easy to use so far, but even with the developer widget (developer.xml) the cache disabling doesn't seem to work... I need to add a random query string to force my test widgets out of the Google cache. E.g. ..../helloworld.xml?cache=32902309 |
Creating a widget is very simple. Just add http://test.seweso.com/google-home.php?title=Sudoku&url=http://www.miniclip.com/sudoku/sudoku.swf to your Google Homepage (Add content --> Create section).
What else would you need? ;) |
Google is down for me this minute... |
Music recommendations: http://andrewhitchcock.org/musicmobs/w.xml |
I made an example that uses asynchronous JS and regular expressions. See http://somanyschemes.com/2005/12/14/digg-example-with-google-ig/ |
Here's a simple html one. it ads alternate search boxes for answers, catalogs, etc
http://base.google.com/base/a/CalebEgg/7709153947756048416 |