SecurityFocus: Using the back button in IE is dangerous. [via Slashdot: Don't Hit That Back Button]

IE allows URLs containing the javascript protocol in the history list.
Code injected in the URL will operate in the same zone/domain as the last
URL viewed. The javascript URL can be set to trigger when a user presses
the back button.
§
© 2001–present Mark Pilgrim