Florent Daigni?re (NextGen$) wrote: > * if we use a capcha, the script will ask the user what's written > on the img ;)
I'm not sure whether a script can read the contents of an iframe that comes from a different domain - in general the browser's supposed to prevent that sort of thing, but there *might* be a loophole if the contents of the iframe were originally loaded from the same domain as the script domain and then redirected to another domain by submitting a form. Assuming the script can't read the contents of the iframe, the form could contain a hidden field with a random, unguessable value that must match when the form's submitted. Cheers, Michael
