ViSP for Drupal
So here's what the ViSP would look like for our Drupal example. It's short xml, and you'll note that the id attribute can be used to show how ViSP can be associated with the underlying HTML.
But this is a relatively small example. What would ViSP look like on a larger site?
Note: This is part of my presentation on Visual Security Policy for the Web.
Note 2: As far as i know, there is no such attack possible on the Drupal forums; I just used them because they made a nice screenshot.