Russ, >So cross-frame scripting is not a problem? I'm not talking about phishing, >but just framing another site. There is no way to access/modify a frame >that you've opened if it's from another domain? > >Somebody mentioned bugs. Are there any current browser bugs that don't >enforce these guidelines?
I'm not aware of any open bugs in any of the major browsers. If you try access the DOM from another domain, you'll get Access errors. I don't know of any exploit that would allow your specific example to work with any of the latest versions of the major browsers. -Dan ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:230018 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54