Don't see why this was downvoted. Once your opponent is executing arbitrary JavaScript on your browser, there's no real reason for them to try tricking you into clicking a link when they can just use one of the outstanding security vulnerabilities for your browser to install malware.