A rogue site can put an unrelated, third-party web application in a hidden frame – and then, by offering some seemingly legitimate functionality, entice the user to type in a body of text. As the user is typing, the attacker is free to examine key codes from within the onkeydown handler – and when desired, momentarily move focus to said hidden frame, causing the actual onkeypress event to be routed there instead. The trick essentially permits arbitrary, attacker-controlled input to be synthesized on the targeted site.”]
Source: http://lcamtuf.blogspot.com/2010/06/curse-of-inverse-strokejacking.html