You can easily include a cross-domain script using a cross-domain DTD; just
attach the malware as 

<!ATTLIST body onload CDATA "{ sniper.shoot(); }" > 

and hope for the worst.

Chris

Reply via email to