Cross-site Request Forgery (XSRF) <img src="http://bank.com/transfer?from=from_ID&to=to_ID&value=1000"> Because the user is logged in and has a cookie, the victim site trusts the user’s browser.
The attacker gets user/browser to execute command on victim site, e.g. request a link, post a form. The command has permanent effects.
A frame can navigate its immediate children. Why is it designed such that it can’t navigate its children too?
Consider a website with a login frame, where the user inputs passwords....