On Jul 23, 6:32 pm, Rossko <[email protected]> wrote: > Industry regulations??? I'm really curious about that. > Do they vet their browsers, operating systems, hard-drive firmware > content, etc etc. as well? What happens if someone looks at a regular > webpage with embedded javascript .. like, say Google. I think this may > be a case of chinese whispers really.
It is from a legal liability point of view. They provide a service, via a website. If that website results in their customers being infected somehow, it's a bad thing. Of course, they actually do vet the browsers, OS, and security patching practices of the company that runs, hosts, develops the website. But customer PC is something they can't enforce security on. > Anyways, even if you hosted the API script in some way, it needs to > fetch many images, XML files etc. from Google's servers, must those be > vetted too? What happens when it fetches JSON (some map functions > do)? You would need to ensure your image handling, xml, json... functions can't be escaped. You wouldn't want to run eval() on code you just received from a random site off the net (even if it was google). Mike --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Maps-API?hl=en -~----------~----~----~----~------~----~------~--~---
