| http://www.w3.org/ns/prov#value | - Considering that the src inside the restricted frame is executed as ???a site in IE???s ???restriced zone'???, which means that javascript is disabled (unless it breaks out of the window, of course), can you think some attack other than Phishing the end user.
|