October 3, 2009
7:34 am

Firefox 3.7 "Minefield" can block certain classes of embedded code from executing, and Web sites can tell browsers in advance which classes of code their pages contain. The developers of Mozilla's Content Security Policy (CSP) hope the end result is that policy-enhanced browsers will be completely immune to cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks from malicious sources, whether aimed at information stealing, website defacement, malware planting, etc. Such browsers restrict themselves either to executing inline code only from trusted, certified sites, or to not executing any such code at all.

You can see the demo, and download Firefox 3.7 here.
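The decision a policy-enhanced browser makes for each script can be modelled in a few lines. This is an added example, not code from Mozilla or from the original post; it assumes the directive syntax of the later standardized `Content-Security-Policy` header (the post shows no policy syntax), and the policy string, hostnames and function names are constructed for illustration.

```javascript
// Simplified model of how a CSP-aware browser decides whether to run a script.
// Covers 'self', 'none', '*', 'unsafe-inline' and exact-origin sources only;
// nonces, hashes, wildcard hosts, scheme-only sources and paths are left out.

// Constructed sample: the policy a site would advertise, and the page it covers.
const SAMPLE_POLICY = "default-src 'self'; script-src 'self' https://cdn.example.test";
const SAMPLE_PAGE = 'https://shop.example.test/cart';

// Parse a policy string into a Map: directive name -> list of source expressions.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Decide whether a script may run. `script` is {inline: true} or {src: url}.
function scriptAllowed(policy, pageUrl, script) {
  // script-src governs scripts; default-src is the fallback when it is absent.
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return true; // the policy says nothing about scripts

  // Inline code (the usual XSS payload) runs only if explicitly re-enabled.
  if (script.inline) {
    return sources.some(s => s.toLowerCase() === "'unsafe-inline'");
  }

  const pageOrigin = new URL(pageUrl).origin;
  const scriptOrigin = new URL(script.src, pageUrl).origin; // resolves relative URLs
  return sources.some(s => {
    if (s === '*') return true;
    if (s.toLowerCase() === "'self'") return scriptOrigin === pageOrigin;
    if (s.startsWith("'")) return false; // 'none' and unmodelled keywords match nothing
    try {
      return new URL(s).origin === scriptOrigin;
    } catch {
      return false; // not an absolute origin, so outside this model
    }
  });
}
```

With the sample policy, an injected inline `<script>` and a script loaded from an unlisted host are both refused, while the site's own files and the listed CDN origin still load.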
