Other browsers expanding on Opera weirdness
rsnake recently made a post regarding some weirdness I found in Opera. Opera gives an error message when unencoded HTML is inserted into the address bar.
The URL http://<script> contains characters that are not valid in the location they are found.
- The reason for their presence may be a mistyped URL, but the URL may also be an attempt to trick you into visiting a website which you might mistakenly think is a site you trust.
This is the first time I’ve seen anything like this. Now while it may not in itself be a security feature, it could certainly go in that direction. If it also dealt with encoded chevrons (< as %3C) then it could be a large jump forward in the fight against XSS, specifically reflected vectors.
I have posted on a few various Web Browser community boards with hopes to get attention to this suggestion. I doubt it will be implemented soon. But with XSS being the top risk lately, it’s slightly comforting to know we might have at least some defense.
I’ll update my non-existent readers on the status of the message board threads.
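The check suggested above, extended to percent-encoded and nested-encoded chevrons, as an added example (not Opera's code and not part of the original post). The function names, the `MAX_DECODE_ROUNDS` limit and the `example.test` URLs are assumptions made for illustration.

```javascript
// RFC 3986 appendix B regex: splits a URI reference without validating it, so
// inputs like http://<script> (rejected by strict URL parsers) can be inspected.
const URI_PARTS = /^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?/;
const MAX_DECODE_ROUNDS = 3; // hypothetical cap on nested encoding to unwrap

// Decode every %XX once, byte for byte, never throwing on malformed sequences.
function decodeOnce(s) {
  return s.replace(/%([0-9a-fA-F]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Number of decode rounds needed before < or > appears: 0 means raw chevrons,
// -1 means none were found within MAX_DECODE_ROUNDS.
function chevronDepth(s) {
  let current = s;
  for (let round = 0; round <= MAX_DECODE_ROUNDS; round++) {
    if (/[<>]/.test(current)) return round;
    const next = decodeOnce(current);
    if (next === current) break; // nothing left to decode
    current = next;
  }
  return -1;
}

// Report each URL component that carries a chevron and how it was encoded.
function findChevrons(url) {
  const m = URI_PARTS.exec(url);
  const parts = { authority: m[4], path: m[5], query: m[7], fragment: m[9] };
  const findings = [];
  for (const [component, value] of Object.entries(parts)) {
    if (!value) continue;
    const depth = chevronDepth(value);
    if (depth < 0) continue;
    const encoding = depth === 0 ? 'raw' : `percent-encoded x${depth}`;
    findings.push({ component, encoding });
  }
  return findings;
}

// Constructed sample inputs: the URL from the error message plus encoded variants.
const samples = [
  'http://<script>',
  'http://example.test/search?q=%3Cb%3E',
  'http://example.test/search?q=%253Cb%253E',
  'http://example.test/a%20b?q=1',
];
for (const u of samples) console.log(u, JSON.stringify(findChevrons(u)));
```

A URL that decodes to a chevron is not necessarily hostile, so a check like this is a signal for warning or logging rather than a complete XSS defense.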
I'm having a problem installing Opera 9.02 on FC5.
Every time I try to run it, it comes back with an “unable to find software information” error.
When I try to run it from the command line, I get 6 conflict errors.
I must add that I already have Opera 8.54 but I close it down before I try and run it.
Joe
12/1/2006 at 5:56 am