[8748] in bugtraq

home help back first fref pref prev next nref lref last post

ie4 messes around with referrer-string

daemon@ATHENA.MIT.EDU (bungle)
Sun Dec 20 15:23:55 1998

Date: 	Sun, 20 Dec 1998 09:49:28 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: bungle <meinbugtraq@GMX.NET>
To: BUGTRAQ@NETSPACE.ORG

After seeing the posts about the ValueClick posts,
I consider a ie4-"feature" I just found annoying may
in fact be security related.

description: when openening a url in a new window and
continuing with a bookmark back in the old window,
ie4 permanently sends the url of the new window
as referrer-string in the old window.

- tested with ie 4.01 german (just on one win95 system).

The short description is a little bit confused, so step by step:
REMARK: hostA, hostB are just dummi-names!

1) start ie
2) goto www.hostA.com (typing the url in ie4)
3) open a url from hostA in new-window, for example www.hostA.com/index2.htm
4) change back to first ie-window, and - via bookmark - goto www.hostB.com.
   hostB has a link on it where it shows the referrer
   (i.e. via javascript : document.referrer)
5) click the link on hostB, it _should_ give 'www.hostB.com' as referrer,
   but it shows 'www.hostA.com/index2.htm'.

I have no www-site at hand, but for easy testing setup a local
webserver (for hostB) and use this short file

<html>
<SCRIPT>
function getReferrer() {
return document.referrer
}
</SCRIPT>
<HEAD>
<SCRIPT>
document.write ("referrer: ", getReferrer());
</SCRIPT>
</HEAD>
</body>
</html>

Other observations:
This behavior holds on for more than one click on www.hostB.com, you
may reload the page or walk around at hostB, always the false referrer
is delivered.

home help back first fref pref prev next nref lref last post