[pmwiki-devel] google maps, api no longer needed

Ben Wilson dausha at gmail.com
Tue Sep 11 06:45:48 CDT 2007


I've been thinking about this new Google Map solution. Something
bothered me about it (not that I'm the maintainer of the present GMA
recipe). This morning, I was combing through my archives and I
happened upon an article (published by Google) that discussed
hijacking web sites.[1]

There was a specific example that discussed how an <iframe> can be
used to monitor a web site and collect usernames and passwords. The
new Google Map interface is an <iframe>. For a wiki to allow user
editing of <iframe> is an invitation to be exploited.

With that in mind, I will remove the references to the new interface
from my recipe page. Perhaps the better path is to see how GMA can
harness this new interface, or a recipe that abstracts <iframe> from
the user. The current interface suggestion to allow editors to add
HTML (specifically <iframe) is harmful from a security perspective.

Regards,
Ben Wilson

On 9/7/07, Sandy <sandy at onebit.ca> wrote:
> Michael Smick wrote:
> > Hi pmwiki-devel members,
> >
> > FYI
> > Recently the google maps API is no longer needed to
> > embed custom google maps into an HTML page.
> >
> > http://google-latlong.blogspot.com/2007/08/youtube-style-embeddable-maps_21.html
> >
>
> You may want to add a note to this effect directly to the relevant
> cookbook pages, so people don't go through all the API hassle if it's
> not necessary.
>
> Sandy


-- 
Ben Wilson
"Words are the only thing which will last forever" Churchill

[1]: Provos, "The Ghost in the Browser--Analysis of Web-based Malware," unk.



More information about the pmwiki-devel mailing list