This is a free plug-in, and it works only with the latest Safari version 1.2.4 (v125.12). I think Apple will soon release a security update, but in the mean time, Saft Lite is a good solution.
[robg adds: Hao Li is the author of the popular Saft extension set for Safari, which we've discussed here before. If you haven't seen this vulnerability in action, it's bad, as the above example shows. If you're a Firefox user, there are a couple of options: adding a filter to the AdBlock extension, or installing the SpoofStick extension, which will highlight the true domain behind any URL. I added SpoofStick, and it works great. I imagine all of the browsers will have patches out shortly, but until then, I'd recommend adding some sort of spoofing detector.]

