Here’s is a short update on some of the smaller security changes the IE team has recently made in Internet Explorer 8 Beta 2.
Restricting document.domain: The document.domain property initially returns the fully qualified domain name of the server from which a page is served. The property can be assigned to a domain suffix to allow sharing of pages across frames from different hostnames. For instance, two frames running at app1.example.com and app2.example.com can script against one another if both frames set their document.domain to their common example.com. A frame may not set its domain property to a top-level-domain, nor to a different domain suffix. For instance, app1.example.com cannot set its domain property to .com or microsoft.com. The HTML5 proposal formalizes the algorithm used to determine if a given domain property assignment is permitted, and it specifically requires that the assigned value is a suffix of the current value.