Bugtraq mailing list archives

ie4 messes around with referrer-string
From: meinbugtraq () GMX NET (bungle)
Date: Sun, 20 Dec 1998 09:49:28 -0500


After seeing the posts about the ValueClick posts,
I think an ie4 "feature" I just found annoying may
in fact be security related.

description: when opening a url in a new window and
continuing with a bookmark back in the old window,
ie4 permanently sends the url of the new window
as referrer-string in the old window.

- tested with ie 4.01 german (just on one win95 system).

The short description is a little bit confusing, so step by step:
REMARK: hostA, hostB are just dummy names!

1) start ie
2) go to www.hostA.com (typing the url in ie4)
3) open a url from hostA in a new window, for example www.hostA.com/index2.htm
4) change back to the first ie window, and - via bookmark - go to www.hostB.com.
   hostB has a link on it where it shows the referrer
   (i.e. via javascript : document.referrer)
5) click the link on hostB, it _should_ give 'www.hostB.com' as referrer,
   but it shows 'www.hostA.com/index2.htm'.

I have no www-site at hand, but for easy testing set up a local
webserver (for hostB) and use this short file:


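<html>
<head>
<script>
// Return the referrer string the browser reports for this page
function getReferrer() {
  return document.referrer;
}
</script>
</head>
<body>
<script>
// Print the reported referrer into the page
document.write("referrer: ", getReferrer());
</script>
</body>
</html>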


Other observations:
This behavior holds on for more than one click on www.hostB.com, you
may reload the page or walk around at hostB, always the false referrer
is delivered.
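
Added example (not part of the original post): a small JavaScript check that the operator of hostB could run over request records to spot the behaviour in steps 4 and 5, where a page linked only from hostB arrives with a Referer naming another host. The page name /show.htm, the record layout and the log entries are assumptions constructed for illustration.

```javascript
// Added example: audit the Referer values a site (hostB) receives.
// Host names follow the post; everything else here is constructed.

// Classify one request: how does the Referer relate to the requested host?
function auditReferer(requestHost, refererHeader) {
  if (!refererHeader) return { relation: 'none' };
  let ref;
  try {
    ref = new URL(refererHeader); // throws on anything that is not an absolute URL
  } catch (e) {
    return { relation: 'malformed' };
  }
  // URL lower-cases the host, so compare against a lower-cased request host
  const sameHost = ref.host === requestHost.toLowerCase();
  return {
    relation: sameHost ? 'same-host' : 'foreign-host',
    refererHost: ref.host,
    // What the receiving site learns about the other window's URL
    leakedPath: sameHost ? null : ref.pathname,
    leakedQueryKeys: sameHost ? [] : [...ref.searchParams.keys()],
  };
}

// Assumption: internalOnlyPaths lists pages that are linked only from the
// site itself, so a foreign Referer on them was not produced by a real link.
function findUnexpectedReferers(entries, internalOnlyPaths) {
  return entries
    .filter((e) => internalOnlyPaths.includes(e.path))
    .map((e) => ({ ...e, audit: auditReferer(e.host, e.referer) }))
    .filter((e) => e.audit.relation === 'foreign-host');
}

// Constructed records of what hostB would see (hypothetical page /show.htm)
const sampleLog = [
  // step 4: arrival via bookmark (constructed here with no Referer)
  { host: 'www.hostB.com', path: '/', referer: '' },
  // step 5 as reported: link on hostB clicked, Referer names hostA
  { host: 'www.hostB.com', path: '/show.htm', referer: 'http://www.hostA.com/index2.htm' },
  // step 5 as expected: Referer names hostB
  { host: 'www.hostB.com', path: '/show.htm', referer: 'http://www.hostB.com/' },
];

const flagged = findUnexpectedReferers(sampleLog, ['/show.htm']);
for (const f of flagged) {
  console.log(`${f.path}: Referer host ${f.audit.refererHost}, path ${f.audit.leakedPath}`);
}
```
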


