The language selection isn't standard. They won't have any parameter cleaning for the language I would imagine. So, the language drop down can be replaced by the iframe.
A valuable lesson :D
Security and privacy
BP Uses Moodle and (unfortunately) expose themselves to an "XSS based iFrame injection"...
This discussion has been locked because a year has elapsed since the last post. Please start a new discussion topic.