eval evil. Spyjax used to be one of those evil things but browsers seem to have figured that out. One technique I've seen lately is clickjacking -- presenting a link as one URL but then changing the URL quickly to trick the user. Let me show you what I've seen.
When visiting CNBC, I would occasionally command+click a link to a post to open it in a new window, but Google Chrome would refuse via the popup blocker. That confused me -- I'm triggering a "native" action, why is the popup blocker hassling me? Because CNBC was being gangsta:
<a href="/some-url" onmousedown="this.href='/some-other-url';">Misleading Link Title</a>
href to the "bad" address upon mousedown, thus changing the destination before the use knew it. This is an incredibly shady practice with only one possible purpose: gaming the user and possibly even search engines.
It's impressive that Chrome detected CNBC's technique and blocked the click. Clickjacking could become a serious issue and I've lost a lot of trust in CNBC. If you're participating in this practice, it may be best to stop -- the browsers are on to you.