[8748] in bugtraq
ie4 messes around with referrer-string
daemon@ATHENA.MIT.EDU (bungle)
Sun Dec 20 15:23:55 1998
Date: Sun, 20 Dec 1998 09:49:28 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: bungle <meinbugtraq@GMX.NET>
To: BUGTRAQ@NETSPACE.ORG
After seeing the posts about the ValueClick posts,
I consider a ie4-"feature" I just found annoying may
in fact be security related.
description: when openening a url in a new window and
continuing with a bookmark back in the old window,
ie4 permanently sends the url of the new window
as referrer-string in the old window.
- tested with ie 4.01 german (just on one win95 system).
The short description is a little bit confused, so step by step:
REMARK: hostA, hostB are just dummi-names!
1) start ie
2) goto www.hostA.com (typing the url in ie4)
3) open a url from hostA in new-window, for example www.hostA.com/index2.htm
4) change back to first ie-window, and - via bookmark - goto www.hostB.com.
hostB has a link on it where it shows the referrer
(i.e. via javascript : document.referrer)
5) click the link on hostB, it _should_ give 'www.hostB.com' as referrer,
but it shows 'www.hostA.com/index2.htm'.
I have no www-site at hand, but for easy testing setup a local
webserver (for hostB) and use this short file
<html>
<SCRIPT>
function getReferrer() {
return document.referrer
}
</SCRIPT>
<HEAD>
<SCRIPT>
document.write ("referrer: ", getReferrer());
</SCRIPT>
</HEAD>
</body>
</html>
Other observations:
This behavior holds on for more than one click on www.hostB.com, you
may reload the page or walk around at hostB, always the false referrer
is delivered.