RETURN $ecure;

rsnake recently made a post regarding some weirdness I found in Opera. Opera gives an error message when unencoded html is inserted into the address bar.

The URL http://<script> contains characters that are not valid in the location they are found.

• The reason for their presence may be a mistyped URL, but the URL may also be an attempt to trick you into visiting a website which you might mistakenly think is a site you trust.

This is the first time I’ve seen anything like this. Now while it may not in itself be a security feature, it could certainly go in that direction. If it also dealt with encoded chevrons (< as %3C) then it could be a large jump forward in the fight against XSS, specifically reflected vectors.
I have posted on a few various Web Browser community boards
with hopes to get attention to this suggestion. I doubt it will be implemented soon.
But with XSS being the top risk lately, it’s slightly comforting to know we might have
at least some defense.

I’ll update my non-existant readers on the status of the message board threads.