Let’s say you used your LottsaMoneyBank web site to access your account but didn’t log out. It’s possible for another unscrupulous web page to create a hidden “IFrame”, load up a LottsaMoneyBank page, and since you aren’t logged out, attempt to do things with that page (for example, transfer money).
So to support Google Chrome 30+, we web developers need to add “try-catch” blocks to catch this new SecurityException when we access frames. Time to get to work.
One response to “Google Chrome 30: Improved XSS Protection Breaks Google Maps with IFrames”