> I believe I have a legitimate use-case (described in comment #9) for needing > to change the URL in "beforeunload".
I am probably at least partly to blame for the browsers not letting you do that - I reported several onbeforeunload attacks some 8 years ago. Sorry!:-) In general, there is a security-driven desire to prevent a website from "trapping" visitors and not allowing them to navigate away. This not just a matter of nuisance attacks, but when employed in a clever way, can be a powerful tool for phishing if you can convince the user to type in a known URL and then spoof the page transition. If we end up allowing navigation to be aborted or modified from within unload-related events, we need to keep that in mind. /mz