Forum OpenACS Q&A: Response to Ben's scary authentication bug.

Posted by Don Baccus on
For starters, turn off Javascript ...

Another tactic to take, as a user, is to always log out after completing a financial transaction, and when you're doing something like buying an airline ticket, log in and take an unwavering path through the site until you're done, then log out.  No diversions to evilsite.com or whatever.

On the server side, totally off the top of my head ... the site could always check the referrer.  If your user has left your site, i.e. you see a referrer from elsewhere, flag the fact in a cookie.  Later, when the user tries to complete the transaction, ask for reauthentication.  Explain why and tell the user to avoid competitor sites that don't ask for reauthentication in such cases...

If you only checked when the user was trying to post data, as in Adam's forum example, you could still provide hyperlinks to forums etc. from a personal page.  You'd only be prevented from posting from an offsite page.

I'm sure the Zope folk thought of something like this very quickly, too.  Probably means it is full of holes and a worthless idea.
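The two server-side variants sketched in the post (flag a session when an offsite referrer is seen and demand reauthentication before a later transaction completes; or simply refuse data-posting requests whose referrer is offsite) can be expressed as one small policy. The following is an added illustration in Python, not code from OpenACS or from anyone in this thread; the host name `shop.example`, the session dict and the `left_site` flag are constructed for the example. A missing Referer header is treated as "unknown" rather than "offsite", because browsers and proxies routinely strip it, which is also why a referrer check is only a heuristic and does not replace per-request anti-CSRF tokens.

```python
from urllib.parse import urlsplit

# Constructed placeholder for the host name of the site being protected.
SITE_HOST = "shop.example"


def classify_referer(referer, site_host=SITE_HOST):
    """Classify a Referer header as 'same-site', 'offsite' or 'missing'.

    Only the host is compared (case-insensitively); an unparsable or absent
    value is 'missing', never 'offsite', so users whose browsers strip the
    header are not wrongly flagged.
    """
    if not referer:
        return "missing"
    host = urlsplit(referer).hostname
    if host is None:
        return "missing"
    return "same-site" if host.lower() == site_host.lower() else "offsite"


def handle_request(session, method, headers, reauthenticated=False):
    """Apply the post's rule to one request.

    session:          per-user state stored server-side or in a cookie;
                      the 'left_site' flag is the marker the post describes.
    method:           HTTP method; only POST is treated as data-posting.
    headers:          request headers (a dict); 'Referer' is consulted.
    reauthenticated:  True when the user has just re-entered credentials.

    Returns one of 'ok', 'rejected', 'reauth_required', 'accepted'.
    """
    origin = classify_referer(headers.get("Referer"))

    # Variant 2 (Adam's forum example): posting from an offsite page is
    # refused outright, while following links from elsewhere still works.
    if method == "POST" and origin == "offsite":
        return "rejected"

    # Variant 1: the moment we see the user arrive from elsewhere, remember it.
    if origin == "offsite":
        session["left_site"] = True
        return "ok"

    if method != "POST":
        return "ok"

    # A data-posting request from a flagged session must re-authenticate
    # before the transaction is allowed to complete; clear the flag once done.
    if session.get("left_site"):
        if not reauthenticated:
            return "reauth_required"
        session["left_site"] = False
    return "accepted"


if __name__ == "__main__":
    s = {}
    print(handle_request(s, "GET", {"Referer": "https://evilsite.com/page"}))
    print(handle_request(s, "POST", {"Referer": "https://shop.example/checkout"}))
    print(handle_request(s, "POST", {"Referer": "https://shop.example/checkout"},
                         reauthenticated=True))
```

The `rejected` branch is the cheap check; the `reauth_required` branch is the one that catches the case where the user was lured away, came back through a legitimate-looking link, and then tried to complete something expensive.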