Hi Logan, The _args() functions return an array of the iframe URL parameter. There is no XSS issue here. Any frame can access its URL (with URL parameters) through the Javascript location global object. All _args() does is provide you the URL parameter in a already parsed and easy to iterate through array.
Jerome On Nov 5, 10:44 pm, "Logan Barron" <[EMAIL PROTECTED]> wrote: > hello all, > > the igoogle js api provides a way to retrieve url params via '_args()'. > > my question is: how does this work? how do OR could they pass parameters to > an iframe residing on a different domain? i would like to know how they get > around the xss restrictions. > > is the source available? any ideas? > > thanx, > > -logan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "iGoogle Developer Forum" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Gadgets-API?hl=en -~----------~----~----~----~------~----~------~--~---
