Posted by Justin Steven on Feb 08
the targeted site as well as the attacking site?
No, this is entirely an IE flaw. I’ve repro’d on domains that I know don’t
use cloudflare, from a domain that doesn’t use cloudflare.
There’s a great teardown on this POC by @filedescriptor at
http://innerht.ml/blog/ie-uxss.html