On Sat, Mar 1, 2008 at 10:23 AM, Brian Eaton <[EMAIL PROTECTED]> wrote:
> On Sat, Mar 1, 2008 at 7:30 AM, Paul Lindner <[EMAIL PROTECTED]> wrote: > > * Do we want to automatically set up the skins styles for the > > gadget when rendered in an iframe? > > Can you add in-gadget code to sanitize the styles before they are > applied to the gadget? I'd like to avoid a situation where someone > can impersonate a container and inject script via the skins feature. Currently this isn't possible, since the skin attributes are defined in the rendering server, not by any outside source. > > Cheers, > Brian > -- ~Kevin
