
Thinking that an iframe will work here is fundamentally flawed unless the verifying metadata resides wholly outside of the browser's content window.

Even if you require the iframe to have some specific styling and make it so the parent DOM cannot edit it, we're talking about spoofing.

With HTML, JS, and CSS you can reproduce absolutely any iframe styling by simply not using an iframe and pretending you are.

If you were to put the iframe's true URL in the location bar, e.g. having url: https://github.com/fragement | selected: https://paypal.com/fragment, then that could solve the problem, however.

Browsers cannot edit domains in the location bar so this could work, but your suggestion absolutely doesn't.

Furthermore, I don't think the idea I outline above is a good idea because it requires users to learn something more. I'd rather just have the "redirect to and redirect back when done" solution since people have already learned to check "am I on paypal, does my address bar say paypal, is my SSL cert thingy green" and relearning to check "is my selected URL paypal even though I'm on github" is not something that would happen quickly enough in my mind.


