Embedding your widgets/gadgets/thingummies* into other people’s sites exposes you and your users to security vulnerabilities you may not be familiar with.
In developing features for a future version of Jetpack, we at Automattic found no convenient library to protect our embeddable widgets from these vulnerabilities. We wrote our own.
Learn about what these vulnerabilities are, why they matter, and how to protect your users at my talk on Saturday: Developing Secure Widgets: Secure iFrame Communication in a Pre-postMessage() World. Oh – and steal our code too. Patches welcome 🙂
*Not (necessarily) WordPress sidebar widgets.