I can embed an iframe in a website, but I can't point it to anything along the lines of "javascript:alert(1)". Is there a page I can build that can run javascript in the context of the parent document? SOP prevents me from directly accessing things like parent.document. Any ideas? http://sla.ckers.org/forum/read.php?2,51088,51088#msg-51088 Fri, 24 May 2013 14:31:05 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?2,51088,51318#msg-51318 http://sla.ckers.org/forum/read.php?2,51088,51318#msg-51318 Albino XSS Info Sun, 12 Aug 2012 13:31:28 -0500 http://sla.ckers.org/forum/read.php?2,51088,51088#msg-51088 http://sla.ckers.org/forum/read.php?2,51088,51088#msg-51088 cr101 XSS Info Tue, 31 Jul 2012 15:52:05 -0500