From kfm-devel Wed Jul 09 02:54:26 2003 From: George Staikos Date: Wed, 09 Jul 2003 02:54:26 +0000 To: kfm-devel Subject: Re: Fwd: [Bug 22558] referrer leaks through to non-referring site X-MARC-Message: https://marc.info/?l=kfm-devel&m=105771939028313 On Monday 07 July 2003 09:52, Waldo Bastian wrote: With IE5 on Mac: > (1) Browse from referrer.php to referrer2.php to referrer3.php via the > links on the pages. > - The referrer should point to the previous page in each instance. Works > (2) Use the back button to go back. > - The referrers should not have changed, both referrers on referrer2.php > should still point to referrer.php. Works > (3) Reload the page. > - The referrers should not change, both referrers on referrer2.php should > still point to referrer.php. Works > (4) Browse to referrer3.php via the link on the referrer2.php page. Then > visit 15 other pages (To flush the page-cache for referrer2.php) and clear > the cache. Now go back to referrer2.php using the history. > - The referrers should not change, both referrers on referrer2.php should > still point to referrer.php. Untested. I don't know this browser well enough to reliably do this properly. > (5) Go to referrer3.php and then enter referrer2.php in the location bar. > - Both referrers should be empty. Works > (6) Go to referrer.php and browse to referrer2.php. Now enter referrer2.php > in the location bar. > - Both referrers should be empty. Works > (7) Go to referrer.php and browse to referrer2.php. Now enter > referrer2.php#bla in the location bar. > - Both referrers should not change, both referrers on referrer2.php should > still point to referrer.php. Fails. The referrers clear. > (8) Go to referrer.php and browse to referrer2.php. Now click on > "Javascript reload". > - Both referrers should not change, both referrers on referrer2.php should > still point to referrer.php. Works > (9) Go to referrer.php and browse to referrer2.php and bookmark it. Go to > referrer3.php and then go to referrer2.php using the bookmark. > - Both referrers should be empty. Works > (10) While still on referrer2.php select the referrer2.php bookmark again. > - Both referrers should be empty. Works > (11) Go to referrer2.php and select "Redirection to referrer3.php". You > should end up on referrer3.php. > - Both referrers should point to referrer2.php Fails - HTTP.Referer points to redir.php > (12) Go to http://foo:bar@//referrer.php (Fill in and > accordingly) and browse to referrer2.php > - Neither referrer should contain either foo or bar. Fails - Javascript.referrer contains the username and password. -- George Staikos KDE Developer http://www.kde.org/ Staikos Computing Services Inc. http://www.staikos.net/