Tuesday, September 07, 2004

Browser Spoofing

A summary, as well as some proposals for Firefox UI to handle spoofing of the browser's user interface.

There's been some level of "theoretical" work on this issue, which comes down to the claims in the entry mentioned above: that it's not enough to show some kind of warning about untrusted data; you need to indicate where the line between trusted (part of the browser UI) and untrusted (web content) lies. And you need to use a box, mostly because of the status bar.

I'm not happy with solutions that involve adding UI to the browser. It's a waste of screen space for a supposed problem that is not really a problem in the wild yet. Looking forward to potential problems is great, but only if a half-way elegant solution is found.

This post has been in draft mode for a bit, so here's some commentary from someone else on the problem of these "solutions".

I intended for this to be a more complete analysis of the problem, but I want to get these thoughts out first, and then I'll come back and tackle the issue as I see it. I'm still working it out in my head, so I'm likely to end up contradicting myself a bit. Be patient.


