It's worth noting that none of the included widgets seems to commit the sin
that makes this particular attack possible - i.e. to download JavaScript
over HTTP, and pass that straight to the JavaScript parser, particularly
while running in a sandbox environment that allows file system access.
I have...