[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What triggers "A script modified the host part ..." warning?

From: Giuseppe Scrivano
Subject: Re: What triggers "A script modified the host part ..." warning?
Date: Thu, 10 Jan 2008 12:44:52 +0100
User-agent: Thunderbird (Windows/20071031)

novakyu wrote:
Well, it's just simple <a href=" ... "> It uses relative links. :)
There's one exception. I do use Apache's Rewrite module to hide the
fact that some of the pages are served by a python script (a classic
security-by-obscurity ;) ), and this is the relevant portion of
  RewriteEngine on
  RewriteBase /
  RewriteRule ^posts.shtml(.*) cgi-bin/posts.py
  RewriteRule ^posts-add.shtml(.*) /cgi-bin/restricted/posts-add.py
  RewriteRule ^blog.shtml(.*) cgi-bin/blog.py
  RewriteRule ^blog-add.shtml(.*) /cgi-bin/restricted/blog-add.py
But I don't think the browser could detect that (other than the fact
that it's passing GET variables to a static page), even if it wanted
In any case the browser doesn't know if a page is a static page or a dynamic page. All these rules are not visible outside, the browser doesn't know anything about them. Moreover, they don't modify the host part of the URL.

Hm. You are right. I guess I didn't notice that the status-bar link
changed after I click on it or ... even after I simply copy the link
(by right-clicking). Then the question is ... should IceCat be warning
me about that now? Because it's not.
That is exactly the behaviour we want to report to users.

If you copy the link and paste it in the browser then you see it and you know what you are requesting, the browser can't detect this behaviour for example if you request a page like:


It looks and it is a regular HTTP request.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]