FYI http://prosecco.gforge.inria.fr/CVE/Facebook_JS_2012.html
"As a part of our study of various security-critical JavaScript SDKs, we did an analysis of the Facebook Connect JS SDK. Since they use the HTML5-based PostMessage API, we were specifically interested in the way the origins were validated. We managed to bypass the origin validation by exploiting 3 different bugs in their SDK."
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth