ajax伪造

<!DOCTYPE html>
<html>
    <head lang="en">
        <meta charset="UTF-8">
        <title>伪造AJAX</title>
    </head>
    <body>
        <div>
            <p>请输入要加载的地址：<span id="currentTime"></span></p>
            <p>
                <input id="url" type="text" />
                <input type="button" value="提交" onclick="LoadPage();">
            </p>
        </div>
        <div>
            <h3>加载页面位置：</h3>
            <iframe id="iframePosition" style=" 100%;height: 500px;"></iframe>
        </div>
        <script type="text/javascript">
            window.onload= function(){
                var myDate = new Date();
                document.getElementById('currentTime').innerText = myDate.getTime();
 
            };
            function LoadPage(){
                var targetUrl =  document.getElementById('url').value;
                document.getElementById("iframePosition").src = targetUrl;
            }
        </script>
    </body>
</html>