Displaying user input in an infowindow. Source of malware attack?

Joseph Elfelt

Feb 24, 2011, 11:33:44 AM
to Google Maps JavaScript API v3
There are all kinds of Google map apps that get user input from
somewhere and display that input in an infowindow when a marker is
clicked.

As developers, do we need to be concerned that a malicious person will
provide data to be displayed in an infowindow which will cause
something bad to happen when that infowindow is displayed?

If so, what kinds of attacks do we need to guard against?

Ben Appleton

Feb 24, 2011, 5:03:21 PM
to google-map...@googlegroups.com

Yes, you must watch out for cross-site scripting (XSS) attacks. This is when a malicious user injects script into your info window (or other) content, for example to steal the viewer's cookie. The solution is to ensure you HTML-escape user input at the point of constructing your info window HTML.

Ben
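
The escaping step described in the reply above, as an added example that is not part of the original thread and is not code from the Maps API: user-supplied fields are HTML-escaped at the point where the info window HTML string is built. The record fields (`name`, `note`), the helper names and the sample record are assumptions made for illustration.

```javascript
// Added example: HTML-escape user input while constructing info window HTML.
// escapeHtml, buildInfoWindowHtml and the record fields are hypothetical names.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape the characters that are significant in HTML text and in quoted
// attribute values. null/undefined become an empty string; other values
// are converted to strings first.
function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escaping happens here, where the HTML is assembled, so every untrusted
// field is covered regardless of where the data came from.
function buildInfoWindowHtml(record) {
  const name = escapeHtml(record.name);
  const note = escapeHtml(record.note);
  return '<div class="place" title="' + name + '">' +
         '<h3>' + name + '</h3>' +
         '<p>' + note + '</p>' +
         '</div>';
}

// Constructed sample input: both fields contain markup.
const sampleRecord = {
  name: 'Cafe "Luna" <b>best</b>',
  note: "<script>alert(1)</script> Tom & Jerry's",
};

const safeHtml = buildInfoWindowHtml(sampleRecord);
console.log(safeHtml);

// In the browser, this string is what gets passed to the info window:
//   new google.maps.InfoWindow({ content: safeHtml });
```

The submitted markup is displayed to the viewer as literal text instead of being parsed as HTML.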
