If you can get Google servers to execute Javascript, that sounds like a possible attack vector. It's likely that Google runs these in a proprietary feature-sparse interpreter.
The lack of AJAX would make it difficult to leak information about the black-box interpreter.
If you can get Google servers to execute Javascript, that sounds like a possible attack vector. It's likely that Google runs these in a proprietary feature-sparse interpreter.
The lack of AJAX would make it difficult to leak information about the black-box interpreter.