|Post date: 2007-10-12 09:15|
It was kind of hard to figure out. Maybe someone can benefit from this.
It turns out that Internet Explorer considers an iframe without a "src" attribute insecure. The trick is to add a dummy src attribute pointing to a picture or something (/icons/ecblank.gif).
A qualified guess is that this will probably be the case with all objects that can have a src attribute. Firefox seems not to be affected.