Article by Marc Schoenefeld on cross site through Java applets. Unsigned applets coming from different sites may share data areas via undocumented static variables of the jdk. While altering these variables JDK internal states may become corrupt and functionality is no longer. This especially concerns XML processing which depends on the org.apache.xalan.processor.XSLProcessorVersion class. This behavior violates the isolation restriction of the sandbox.
neworder.box.sk/explread.php?newsid=9604