Y
Hacker News
new
|
ask
|
show
|
jobs
by
lashkari
712 days ago
If it's really accessible from *.google.com, wouldn't this be simple to verify/exploit by using Google Sites (they publish your site to sites.google.com/view/<sitename>)?
1 comments
DownrightNifty
712 days ago
JS on Google Sites, Apps Script, etc. runs on *.googleusercontent.com, otherwise cookie-stealing XSS happens.
link