Web 2.0 means different things depending on who you speak to, but one ubiquitous part of the definition is User Created Content (UCC). UCC essentially means giving the tools to create HTML on your website to someone other than the webmaster. And as soon as you give the keys to the castle to the great unwashed, then the great unwashed are going to try to crap in the moat.
A very crude attack would go something like this, a link whose href shows one destination while its onclick handler sends the visitor somewhere else:
<a href="http://www.google.com" onclick="window.open('http://www.yahoo.com', '_self'); return false;">Click me</a>
Defending against this can be very problematic unless you strip out all tags… However, there are a number of libraries that should help, foremost amongst them HTML Purifier. As an alternative, you can allow BBCode to be inserted. BBCode is a simplified markup that lets you insert a basic tag-like syntax that is parsed on the server into HTML tags. TinyMCE has a plugin to enable the easy use of BBCode, so it may be that for applications that let the general public create content, this is the safest route.
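To show what "parsed on the server into HTML tags" can look like, here is a small server-side BBCode renderer, added as an example and not taken from HTML Purifier, TinyMCE or any BBCode library. The tag allowlist, the http/https scheme allowlist, the `rel` value and the function names are assumptions made for this sketch.

```python
import html
import re
from urllib.parse import urlsplit

# Allowlists (assumed for this example): BBCode tag -> HTML element, URL schemes.
SIMPLE_TAGS = {"b": "strong", "i": "em", "u": "u"}
ALLOWED_SCHEMES = {"http", "https"}
URL_RE = re.compile(r"\[url=([^\]\s]+)\](.*?)\[/url\]", re.I | re.S)


def _safe_href(escaped_url):
    """Return an attribute-safe href for absolute http(s) URLs, else None."""
    url = html.unescape(escaped_url)
    if any(ord(c) < 0x21 for c in url):  # control characters and spaces
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return html.escape(url, quote=True)


def _render_url(match):
    href = _safe_href(match.group(1))
    if href is None:
        return match.group(0)  # leave the BBCode as inert, escaped text
    return '<a href="{}" rel="nofollow noopener">{}</a>'.format(href, match.group(2))


def render_bbcode(text):
    """Convert user-supplied BBCode to HTML; any raw HTML is shown as text."""
    # 1. Escape everything first, so no markup typed by the user survives.
    out = html.escape(text, quote=True)
    # 2. Only now emit tags, and only the ones on the allowlist.
    for bb, tag in SIMPLE_TAGS.items():
        pattern = r"\[{0}\](.*?)\[/{0}\]".format(bb)
        out = re.sub(pattern, r"<{0}>\1</{0}>".format(tag), out, flags=re.I | re.S)
    return URL_RE.sub(_render_url, out)


if __name__ == "__main__":
    # Constructed sample input: the anchor from the article, then BBCode.
    crude = ('<a href="http://www.google.com" onclick="window.open('
             "'http://www.yahoo.com', '_self'); return false;\">Click me</a>")
    print(render_bbcode(crude))
    print(render_bbcode("[b]Search:[/b] [url=http://www.google.com]Click me[/url]"))
```

Because the input is escaped before any tag is generated, the only HTML that reaches the page is what the renderer itself writes, so there is no way for a user to supply an `onclick` attribute at all.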