I’m working on another project to XSS somewhere around 60% of all web-based applications, not that I have to, since the MHTML vulnerability is still on the loose. But I really think that the whole concept of browser same-origin policy security is a theory at this point, and a theory that isn’t proving to be very successful, as it turns out. Anyway, read Jeremiah’s post. He’s put enough thought into it to have a working prototype, but I’m sure someone else is going to want to take this to the next level. If anyone does, please let me know. I’ll be interested to see the working example.