Translations:Security Notes on Remote Embedding/8/en

Both these problems result in XSS issues for any site that cross embeds the javascript.