The reason my XML/XSL/Java doesn’t work
Among the features Internet Explorer provides for handling XML data is one that lets it open an XML data file on a web site and display the content in a browser window. However, a flaw in this feature makes it possible for the web site to instead open an XML file on a remote system in the browser window. Specifically, the feature checks that the data source the web page requests resides on the same web site, but doesn’t check whether that request is then redirected to a different location.
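The gap described above, checking the requested URL but not where a redirect leads, can be modelled in a few lines. This is an added example, not code from the original page or from Internet Explorer; the hosts, the `RESPONSES` table and the function names are hypothetical, and the "network" is a constructed in-memory map so it runs offline.

```javascript
// Constructed stand-in for the network: URL -> response. All hosts are hypothetical.
const RESPONSES = new Map([
  ["http://site.example/data.xml", { status: 200, body: "<items/>" }],
  ["http://site.example/feed.xml", { status: 302, location: "http://other.example/private.xml" }],
  ["http://site.example/moved.xml", { status: 302, location: "/data.xml" }],
  ["http://other.example/private.xml", { status: 200, body: "<secret/>" }],
]);

const sameOrigin = (a, b) => new URL(a).origin === new URL(b).origin;

// Follows redirects; `checkEveryHop` selects the flawed or the corrected check.
function fetchXml(pageUrl, requested, checkEveryHop, maxHops = 5) {
  let url = new URL(requested, pageUrl).href;
  for (let hop = 0; hop <= maxHops; hop++) {
    // Flawed behaviour: only the first URL (hop 0) is compared with the page.
    // Corrected behaviour: every URL in the redirect chain is compared.
    if ((hop === 0 || checkEveryHop) && !sameOrigin(pageUrl, url)) {
      return { ok: false, reason: `cross-origin: ${url}` };
    }
    const res = RESPONSES.get(url);
    if (!res) return { ok: false, reason: `not found: ${url}` };
    if (res.status === 200) return { ok: true, finalUrl: url, body: res.body };
    // Redirect: resolve Location relative to the current URL and loop.
    url = new URL(res.location, url).href;
  }
  return { ok: false, reason: "too many redirects" };
}

const loadFlawed = (page, src) => fetchXml(page, src, false);
const loadChecked = (page, src) => fetchXml(page, src, true);
```

With the page at `http://site.example/index.html`, `loadFlawed` returns the body from `other.example` for `feed.xml`, while `loadChecked` rejects that hop and still allows the same-site redirect in `moved.xml`.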