Tuesday, November 6, 2007

A Gmail 0day

There is an XSS in https://www.google.com.

PoC: http://www.loveshell.net/blog/blogview.asp?logID=262

This XSS is very critical: you can get the cookie to log in to Gmail or other services.

The document.location.hash is evil :)
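
The post does not show the vulnerable code, so what follows is an added, generic illustration (not Google's code and not from the original post) of why `document.location.hash` has to be handled as untrusted input, with the unsafe pattern next to two hardened forms. The `tab` and `q` parameters, the sample fragment and all function names are assumptions made for the example.

```javascript
// Added illustration: the URL fragment is attacker-influenced input.
// All names here (parseFragment, ALLOWED_TABS, ...) are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Parse "#k=v&k2=v2"; pairs with malformed percent-encoding are dropped.
function parseFragment(hash) {
  const params = new Map();
  for (const pair of String(hash).replace(/^#/, "").split("&")) {
    if (!pair) continue;
    const eq = pair.indexOf("=");
    const key = eq === -1 ? pair : pair.slice(0, eq);
    const val = eq === -1 ? "" : pair.slice(eq + 1);
    try {
      params.set(decodeURIComponent(key), decodeURIComponent(val));
    } catch (e) { /* URIError, e.g. "%zz": ignore this pair */ }
  }
  return params;
}

// Vulnerable pattern: fragment text concatenated straight into markup.
function unsafeRender(hash) {
  const tab = parseFragment(hash).get("tab") || "inbox";
  return '<div class="tab">' + tab + "</div>";
}

// Hardened: the fragment only selects among known values.
const ALLOWED_TABS = new Set(["inbox", "sent", "drafts"]);
function safeRender(hash) {
  const requested = parseFragment(hash).get("tab");
  const tab = ALLOWED_TABS.has(requested) ? requested : "inbox";
  return '<div class="tab">' + escapeHtml(tab) + "</div>";
}

// Hardened: when free text must be echoed, encode it for the HTML context.
// In a browser, prefer element.textContent over building markup at all.
function safeEcho(hash) {
  const text = parseFragment(hash).get("q") || "";
  return '<div class="q">' + escapeHtml(text) + "</div>";
}

// Constructed sample fragment: both values decode to "<b>markup</b>".
const SAMPLE = "#tab=%3Cb%3Emarkup%3C%2Fb%3E&q=%3Cb%3Emarkup%3C%2Fb%3E";
console.log(unsafeRender(SAMPLE)); // markup from the URL reaches the page
console.log(safeRender(SAMPLE));   // falls back to the default tab
console.log(safeEcho(SAMPLE));     // markup is shown as inert text
```

Because the fragment is never sent to the server, server-side filtering cannot see it; the check has to live in the client code that reads it.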