... achieve security goals, to eliminate common security exploits, and to secure the emerging class of rich, cross-domain Web applications referred to as Web 2.0.In order to support end-to-end security, ... client Web browser.Most Web applications aim to enforce simple, intu-itive security policies, such as, for Web- based email, dis-allowing any scripts in untrusted email messages. Evenso, Web ... onlystraightforward changes to existing Web browsers. Wegive numerous examples of attractive, new security poli-cies that demonstrate the advantages of end-to-end Web application security and of our proposed...