Another factoid (Re: [cap-talk] bundling designation and authority)
Tyler Close
tyler.close at gmail.com
Sat Oct 15 13:10:56 EDT 2005
On 10/14/05, Karp, Alan H <alan.karp at hp.com> wrote:
> Sandro Magi wrote:
> >
> > Actually, it's not clear what the actual URL was. Perhaps he typed an
> > extra ../ beyond the homepage?
> >
> Making typos a criminal offense. Sweet.
A little browser testing revealed another interesting factoid for this
case. Safari seems to be the only mainstream browser that will
actually send a Cuthbert URL to the server. Both IE and Firefox parse
the URL on the client side and send the canonicalized URL to the
server. So in IE and Firefox, typing "../" is equivalent to using the
backspace key. It's only Safari that will set off the IDS and lead to
a criminal conviction. Another reason to switch to Firefox? ;)
Tyler
--
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/
Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/extensions/moreinfo.php?id=957
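
The client-side canonicalization described in the message above, as an added example that is not part of the original post: it removes dot segments from a path and shows what a server sees from a client that canonicalizes first versus one that sends the path as typed. The host `example.test`, the request lines and all function names are constructed for illustration; the actual URL from the case is not known.

```javascript
// Added example. Request lines are constructed; example.test is a placeholder host.

// Dot-segment removal on an absolute path (RFC 3986, section 5.2.4).
// aboveRoot is true when a ".." had no segment left to remove.
function removeDotSegments(path) {
  const segs = path.split("/").slice(1);
  const out = [];
  let aboveRoot = false;
  for (const seg of segs) {
    if (seg === ".") continue;
    if (seg !== "..") out.push(seg);
    else if (out.length > 0) out.pop();
    else aboveRoot = true;
  }
  const last = segs[segs.length - 1];
  if (last === "." || last === "..") out.push(""); // keep the trailing slash
  return { path: "/" + out.join("/"), aboveRoot };
}

// Path a canonicalizing client puts on the wire for a typed URL.
// The global URL class implements the WHATWG URL parser.
function pathSentByCanonicalizingClient(typedUrl) {
  return new URL(typedUrl).pathname;
}

// Server-side view of one request line: did the path arrive with dot segments?
function inspectRequestLine(line) {
  const [method, target] = line.split(" ");
  const raw = target.split("?")[0];
  const { path: canonical, aboveRoot } = removeDotSegments(raw);
  return { method, raw, canonical, hasDotSegments: raw !== canonical, aboveRoot };
}

const typed = "http://example.test/shop/../../";
console.log(pathSentByCanonicalizingClient(typed));          // canonicalized client
console.log(inspectRequestLine("GET /shop/../../ HTTP/1.1")); // path sent as typed
console.log(inspectRequestLine("GET / HTTP/1.1"));            // same URL, canonicalized
```

Both requests resolve to the same resource; only the one sent as typed carries the dot segments that a pattern-matching IDS rule would see.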