Is this potential Google cookie stealer fixed now? I couldn't reproduce creating that snippet in Google Docs: http://ha.ckers.org/blog/20070617/another-google-xss-in-google-documents/ |
I couldn't get Google Docs to insert a textarea at all. Other form elements, like text input fields, still work fine though. So, I'm guessing that their quick fix was to disable textareas altogether. |
His demo still works, though... |