>>...the security zone model itself (well, at least its implementation in IE, etc) _is the problem_ and can often be exploited independent of the scripting, and other active content processing, state of the zone in which some arbitrary piece of HTML is rendered.
So you can do a cross-zone attack against the restricted zone, with all scripting and active content disabled? I'd like to see an example of this.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
[EMAIL PROTECTED]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
