encyclo - 8:01 pm on Jun 8, 2006 (gmt 0)

This is the SECURITY attribute [msdn.microsoft.com], in IE6 (and probably IE7), allows you to open a third-party page as if it was within the high-security restricted sites level as defined within IE. This means no Javascript and no ActiveX. Framebusters won't work and there is not a lot you can do server-side to get around this short or banning referrers from Yahoo images.

security="restricted" is (was) a well-kept secret, and this is very sneaky for Yahoo to be using. If you want to try it, this is the syntax:

<iframe src="http://example.com/" [b]security="restricted"[/b] width="550" height="450"></iframe>

The attribute is meaningless in alternative (non-MS) browsers, and Javascript etc. will function correctly in those browsers, including frame-busting scripts.