Bugtraq: Re: unload event in ie/mozilla/opera

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: unload event in ie/mozilla/opera

From: Tobias Boonstoppel <boonstoppel () gmail com>
Date: Thu, 25 Aug 2005 14:26:47 +0200

the only time that seems to trigger is when a different address is placed in the
address bar.


yes. this is why i added the "window.unlock" which is set true on
document.onmousedown
--> see code

hit reload, you will see the URL of the site you typed in.

yes... strange things happens there. also if you "see source-code"
after the redirect, it shows the source of the url you  typed into the
address-bar.

i did not have time to play some more with it. but maybee there i a
way to spoof an URL

on my opinion this redirect should be blocked (like they do block
popups etc..). this is a security lack... or am i wrong?

cheers
Tobias

By Date By Thread

Current thread:

unload event in ie/mozilla/opera Tobias Boonstoppel (Aug 24)
- RE: unload event in ie/mozilla/opera David Gillett (Aug 24)
  - Re: unload event in ie/mozilla/opera Drew Haven (Aug 25)
    - Re: unload event in ie/mozilla/opera Tobias Boonstoppel (Aug 25)
  - Re: unload event in ie/mozilla/opera Niels Bakker (Aug 25)
    - Re: unload event in ie/mozilla/opera Godwin Stewart (Aug 26)
    - Re: unload event in ie/mozilla/opera Michael Shigorin (Aug 26)
- Re: unload event in ie/mozilla/opera Stefan Kelm (Aug 25)
- <Possible follow-ups>
- RE: unload event in ie/mozilla/opera Early, Clint (Aug 25)