The DHTML Editor cross-frame hole

 

The box on the right is a DHTML Edit Control marked safe for scripting.
It shows a form loaded from a different domain (www.angelfire.com).
Click the button below and I will fill in the form and submit it.

Don't worry about the message displayed. It is only a demo.

A malicious script inserted in a web page or in an HTML-formatted e-mail can submit transactions that will contain your IP address. (Imagine a script writing threats in the White House guest book.)


Created by Juan Carlos Garcia Cuartango


Visitors since March 22, Year of Our Lord 1999

Last update March 23, Year of Our Lord 1999