Michal Zalewski of google has posted a proposal on browser security enhancements to the whatwg mailing list.
"I am posting here on the advice of Ian Hickson; I'm new to the list, so
please forgive me if any of this brings up long-dismissed concepts;
For a couple of months now, along with a number of my colleagues at
Google, we were investigating a security problem that we feel is very
difficult or impossible to avoid on application side, and might be best
addressed on HTML or HTTP level in contemporary browsers. These problems
had recently gained some mainstream attention, and so we hoped to discuss
potential solutions, and perhaps gain some traction for long-term fixes.
Problem definition: a malicious page in domain A may create an IFRAME
pointing to an application in domain B, to which the user is currently
authenticated with cookies. The top-level page may then cover portions of
the IFRAME with other visual elements to seamlessly hide everything but a
single UI button in domain B, such as "delete all items", "click to add
Bob as a friend", etc. It may then provide own, misleading UI that implies
that the button serves a different purpose and is a part of site A,
inviting the user to click it. Although the examples above are naive, this
is clearly a problem for a good number of modern, complex web
Well worth the read.
Read more at: http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2008-September/016284.html