HTML that the attacker controls can read from the files loaded into the iFrame and extract their data.from http://ift.tt/1hDgD1M