Jeremiah lists a few words of caution when using this code, and I’d like to add one to the list. The mhtml vulnerability is still out there and using it can easily circumvent this, by including an iframe to a remote site with this malicious code. In Jeremiah’s words, “everything breaks down completely with [browser vulnerabilities]”. He’s exactly right. So experimental, yes, neato, yes. I’m sure there is lots more research to be done, and I’d be curious to hear of anyone able to undefine his __defineGetter__ functions.