?Suppose that a user visits a mashup web page that simultaneously displays a user?s favorite email site, ecommerce site, and banking site. Assume that:????
The email, ecommerce, and banking sites allow themselves to be placed in iframes (e.g., they don?t prevent this using X-Frame-Options headers).
Each of those three sites is loaded in a separate iframe that is created by the parent mashup frame.
?Each site (email, ecommerce, banking, and mashup parent) come from a different origin with respect to the same origin policy. Thus, frames cannot directly tamper with each other?s state. Describe an attack that the mashup frame can launch to steal sensitive user inputs from the email,ecommerce, or banking site.