"The Problem with Frames
When the first instances of frames were implemented on the
Internet, it took all of two months for the first major security
holes to open up and be recognized by the hacking community. To
understand how frames were used to present a security hole is to
first understand frames themselves.
"The way a web page renders frames is as follows:
A page with instructions for the frames to be rendered is
loaded.
The addresses and particulars of how the frames will be rendered
such as border properties and the placement of the frames
themselves is given to the browser.
The documents that will be used to display the content of the
frames are then loaded into the given frames.
The page is then rendered (displayed) to the browser window.
"Within this procedure is the ability to load and execute web
pages from other servers on other domains. The JavaScript variables
from one domain are available for examination and modification to
the web pages from the other domains that are used within the other
frames that make up the page. The first strategy to combat this
problem was the Same Origin Policy, which was taken up by Netscape
Navigator, Internet Explorer and Opera."