Hi V, that app owner has added an option to add users' messages. Look at the canvas view. Just entering <script> here window.location.... address to redirect</script> works perfectly. All apps by that owner have the same loophole. And can the OpenSocial team control what to allow in persistence data storage, like not allowing tags like <script> or onload etc. to stop XSS or inserting unwanted own data from the user side?

On Mon, Dec 22, 2008 at 10:41 AM, Vijaya <[email protected]> wrote:
>
> Hi,
> I just installed the app and clicked on my profile in the left nav
> bar, but wasn't redirected to the fake site. Could you please explain
> how you're navigating to your/your friends' profiles where you get
> redirected?
>
> Thanks,
> Vijaya

--
With best Regards.
Prashant aka Orkuteer
http://en.blog.orkut.com/2007/11/thanks-from-orkuteer.html
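
The issue raised in this message is user-supplied text that an app stores and later writes into its canvas view as markup. As an added example (not code from the app or from OpenSocial), the sketch below encodes every stored field at render time rather than relying on a storage-side filter for `<script>` or `onload`; `escapeHtml`, `renderMessages` and the sample records are hypothetical names and constructed data.

```javascript
// Added example: encode stored user messages when they are rendered.
// A denylist applied at storage time (strip "<script>", "onload", ...)
// has to anticipate every tag and attribute; encoding at output does not.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
  "`": "&#96;",
};

// Replace every character that can open a tag, an attribute value or an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the message list for the canvas view. Every field read back from
// app data storage is untrusted, including the author name, and is encoded
// before it is placed in element content or in a quoted attribute.
function renderMessages(messages) {
  const items = messages.map((m) => {
    const author = escapeHtml(m.author);
    const body = escapeHtml(m.body);
    return `<li><b title="${author}">${author}</b>: ${body}</li>`;
  });
  return `<ul class="messages">${items.join("")}</ul>`;
}

// Constructed sample records, shaped as they might come back from storage.
const sampleMessages = [
  { author: "alice", body: "Nice app!" },
  { author: "bob", body: "<script>/* placeholder */</script>" },
  { author: 'x" onload="/* placeholder */', body: "a < b && c > d" },
];

const html = renderMessages(sampleMessages);
console.log(html);
```

When the gadget builds DOM nodes directly, assigning the stored value to `textContent` gives the same result without assembling an HTML string.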

