It is also worth pointing out another Facebook exploit which allows a page to 'run' Javascript on a Facebook page. It prompts the user to perform certain actions which copy-and-paste a 'javascript:' style URL to the address bar, and to click Enter to execute the Javascript. This also has the potential to spread fast by sharing it with all of your friends. See http://infinity-infinity.com/2010/05/facebook-exploit-social-engineering-javascript-injection/.
Maybe one can use this site to their advantage. Obviously, the owners know something we know not - popularity of websites. If you can 'play' the browser at the user end, you can have a look into their database. See what they're searching for and how. It cuts both ways.
Slashdot Mirror
It is also worth pointing out another Facebook exploit which allows a page to 'run' Javascript on a Facebook page. It prompts the user to perform certain actions which copy-and-paste a 'javascript:' style URL to the address bar, and to click Enter to execute the Javascript. This also has the potential to spread fast by sharing it with all of your friends. See http://infinity-infinity.com/2010/05/facebook-exploit-social-engineering-javascript-injection/.
Maybe one can use this site to their advantage. Obviously, the owners know something we know not - popularity of websites. If you can 'play' the browser at the user end, you can have a look into their database. See what they're searching for and how. It cuts both ways.
It's from Alexa and Yahoo's search API