The advent of desktop and web-based gadgets and widgets has ushered in a more common kind of sin: that of the type-0, or DOM-based, cross-site scripting vulnerability. Notice we said “more common” and not “new”; these sins are not new, but they have become more common over the last couple of years.
The two most sinful forms of code that suffer type-0 XSS are:
- Gadgets and widgets
- Static HTML pages on the user’s computer
A gadget or widget is nothing more than a mini-application built ...