In the previous five chapters, we examined a fairly broad range of browser security mechanisms—and looking back at them, it is fair to say that almost all share a common goal: to stop rogue content from improperly interfering with any other, legitimate web pages displayed in a browser. This is an important pursuit but also a fairly narrow one; subverting the boundaries between unrelated websites is a large part of every attacker’s repertoire but certainly not the only trick in the book.

The other significant design-level security challenge that all browsers have to face is that attackers may abuse well-intentioned scripting capabilities in order to disrupt or impersonate third-party sites without actually ...