

Throw 1; &lt; don't be evil - DanielRibeiro
http://www.google.com/ig/cp/get?hl=en&gl=

======
mmastrac
Even better: onload="window.lol&&lol()"

I imagine that this is JS intended to be loaded via XHR only.

~~~
nostrademons
I was just talking to the guy who added window.lol last Friday. It stands for
something that actually made sense in the context of the project, though I
forget what exactly.

------
Kurtz79
Don't be evil ? Google ?

Apparently their exception handling does't work very well :)

------
klagan
WTF is that?

~~~
willscott
Presumably on the google website the script is loaded via an xmlhttp request
which then strips the initial text and evals the rest. By added the initial
throw 1; they prevent other sites from including the script, since it won't do
anything.

~~~
stanleydrew
Indeed. See this: [http://google-
gruyere.appspot.com/part3#3__cross_site_script...](http://google-
gruyere.appspot.com/part3#3__cross_site_script_inclusion)

~~~
SimonPStevens
Cool site. I've never seen that before. Learn about web security by breaking
it.

~~~
verroq
What about hackthissite.org?

