Belated happy birthday to Redkam! (It was yesterday, for those who don't know.)
Gmail has a major security bug.
It only works if you send it from an address thats *not* gmail, and apparently it has to have a subject, and it has to be a new page load, not a automatic refresh.
Very odd, but yea. It works.
So, if I can get this to load a remotely hosted .js file I could easily takeover your gmail account.
Right now, as for me, I'm turning off the snippet option.