It has been reported that the type attribute of an <object> tag
can override the charset of a framed HTML document, even when the
document is included across origins. A page could be constructed
containing such an <object> tag which sets the charset of the
framed document to UTF-7. This could potentially allow an attacker to
filters, and then executing the code using the above technique.