Hi Chamila, In the case of type="html" or type="url" gadgets, the gadget contents are enclosed in an iframe, preventing insecure communication between the gadget and the container page (iGoogle). Inlined gadgets are not rendered in an iframe, but this type of gadget has been deprecated, and existing gadgets have been audited, and their code has been frozen.
Best, Dan On Oct 30, 3:45 am, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > Hi, > > I have a little problem about igoogle and its added gadgets. > > there is a gadget which allows the user to write javascripts / html > code in side a gadget and get the output to the gadget. > > http://www.google.com/ig/directory?url=chw2054.googlecode.com/svn/tru... > > I would like to know by allowing the user to type javascripts inside a > gadget, will it allow the person to retrieve information about other > gadgets / important information which can be a serious security issue? > > if so is there any way of preventing this? > > thank you for your support. > > regards, > > Chamila --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "iGoogle Developer Forum" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Gadgets-API?hl=en -~----------~----~----~----~------~----~------~--~---
