Why on earth doesn't Microsoft disable execution of code in iframes by default? This presumably also applies to other browsers.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/623/2257#2257