Yes, you must watch out for cross-site scripting (XSS) attacks. This is when
a malicious user injects script into your info window (or other) content,
for example to steal the viewer's cookie. The solution is to ensure you
HTML-escape user input at the point of constructing your info window HTML.

BenBen
On Feb 25, 2011 4:03 AM, "Joseph Elfelt" <josephelf...@gmail.com> wrote:
> There are all kinds of Google map apps that get user input from
> somewhere and display that input in an infowindow when a marker is
> clicked.
>
> As developers, do we need to be concerned that a malicious person will
> provide data to be displayed in an infowindow which will cause
> something bad to happen when that infowindow is displayed?
>
> If so, what kinds of attacks do we need to guard against?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Maps JavaScript API v3" group.
> To post to this group, send email to
> google-maps-js-api-v3@googlegroups.com.
> To unsubscribe from this group, send email to
> google-maps-js-api-v3+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-maps-js-api-v3?hl=en.
>

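The escaping step described in the reply above, as an added example that is not part of the original thread. The field names (title, note, url) and the helper names are assumptions, and the sample record is constructed. It goes one step past the reply by allowing only http(s) link targets, since HTML-escaping alone does not neutralize a javascript: URL in an href.

```javascript
// Added example: escape user-supplied fields at the point where the
// info window HTML is constructed. Helper and field names are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Replace the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escaping does not make a javascript: URL safe, so allow only http(s).
function safeHref(value) {
  try {
    const u = new URL(String(value));
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch (e) {
    return null; // not an absolute URL
  }
}

// Build the info window markup; every user field is escaped here,
// not earlier at storage time and not later by the caller.
function buildInfoWindowHtml(place) {
  const parts = [
    '<div class="info">',
    '<h3>' + escapeHtml(place.title) + '</h3>',
    '<p>' + escapeHtml(place.note) + '</p>',
  ];
  const href = safeHref(place.url);
  if (href !== null) {
    parts.push('<a href="' + escapeHtml(href) + '">More</a>');
  }
  parts.push('</div>');
  return parts.join('');
}

// Constructed sample input with markup in every field.
const sample = {
  title: '<script>alert(1)</script>',
  note: 'Tom & "Jerry\'s" <b>cafe</b>',
  url: 'javascript:alert(1)',
};

// On a Maps page this string would be passed to infoWindow.setContent(html).
const html = buildInfoWindowHtml(sample);
console.log(html);
```

Where the content is plain text only, building a DOM node and assigning the user value to textContent avoids string escaping altogether; setContent accepts a node as well as a string.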