Run your browser in private mode, or create a separate user account and run the browser under that. Or just use a different browser for the "secure stuff" (e.g. your online banking etc.). Then it doesn't matter what kind of XSS trickery they throw at you, 'cause your cookies aren't accessible to the browser.
I suppose it might be useful with a browser extension/feature that allowed you to lock access to certain sites' cookies until you have explicitly granted use. Sort of like how the keychain works on OS X.