GITBOOK-602: change request with no subject merged in GitBook

pentesting-cloud/workspace-security/gws-google-platforms-phishing/gws-app-scripts.md

@@ -92,7 +92,7 @@ In order to give access to the OAuth token you need to click on **`Services +` a
 * **Drive**: To access drive data
 * **Google Sheets API**: So it works with the trigger
 
-To change yourself the **needed scope**s you can go to project settings and **enable S`how "appsscript.json" manifest file in editor`.**
+To change yourself the **needed scopes** you can go to project settings and enable: **`Show "appsscript.json" manifest file in editor`.**
 
 {% code overflow="wrap" %}
 ```javascript
@@ -175,9 +175,6 @@ Note that you can check the **runs of the App Scripts in the Executions tab** if
 
 In order to **trigger** the **App Script** the victim needs to connect with **Editor Access**.
 
-As summary, if the creator and invited user are **from the same organization** the **OAuth** **token** will **belong** to the **user** accessing the file.\
-If they are from **different organizations**, the **token** will belong to the **creator of the trigger** always with **only the OAuth permissions given** when the trigger was created.
-
 {% hint style="success" %}
 The **token** used to execute the **App Script** will be the one of the **creator of the trigger**, even if the file is opened as Editor by other users.
 {% endhint %}
@@ -244,8 +241,6 @@ Just create an App Script, go to Triggers, click on Add Trigger, and select as e
 This will create a security alert email and a push message to your mobile alerting about this.
 {% endhint %}
 
-
-
 ### Shared Document Unverified Prompt Bypass
 
 Moreover, if someone **shared** with you a document with **editor access**, you can generate **App Scripts inside the document** and the **OWNER (creator) of the document will be the owner of the App Script**.