XSS Cross Site Scripting
It’s an XSS in most sites that uses the google search API with it’s generic results template. The api allows any encoding method to be used for output, and doesn’t sanitize until after the page has been converted.
Google.com uses the same API but it’s unaffected because it santizes in UTF8 before converting to the output encoding. It will be interesting to see how quickly this can be patched.
No comments:
Post a Comment