[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Hobbit] URLPlus interest - looking for feedback
- To: hobbit (at) hswn.dk
- Subject: Re: [Hobbit] URLPlus interest - looking for feedback
- From: Gary Baluha <gumby3203 (at) gmail.com>
- Date: Fri, 31 Jul 2009 16:14:40 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=enuUYMXErAXYxzoT0jsfzNRNuOyGMfOh9VSeMdfqYSw=; b=SLXljG0LQiEfsfeosE7d4lkOXokZBeNJBlCuAVxyQnAvBiHx4b2y0+wJzTGpmj034+ GS9mSbctAusqDuL6TRJ3oX/1lYTqgvnu9jBw6LYAbmp9Q7QCrsW7tlDZ4wswMs2nGvLt pWpkAfN7njVxroRm0s3l97S99aUtVHKAyDNnI=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=A8L+H8Yq6OzZvv3Fs2/ueQb8KoXkwpntRLZSyUbni23TN6zrMZXXN58kBPfTFDjL0Q 3eJ3rSzp7oIuHN419H76oZc9hGGOIaXE0AlJcWYi9128Z3BQPfFW8vuJbGoyefXWsjDW wdw2CfsprQv6h4ZDefVyL5/OaqWN//zGIZ8Is=
- References: <29f517690907290934q2120eaaewf16287ab9cb6ffa8 (at) mail.gmail.com> <5A14875A0A461B48B967A66281C1DFCC0372A1C7 (at) dhreinsvxb03.messaging.danaherad.com> <997a524e0907310157h6b085626g69e7d50a37f721e4 (at) mail.gmail.com> <29f517690907310934y10d088e4n879a8b7635d253c2 (at) mail.gmail.com> <997a524e0907311057r41bc21a0vbf0186e32e236219 (at) mail.gmail.com>
> It's not so much the multi-page redirects using the standard "302: page is now elsewhere" format, as the other weird ways redirects are sometimes done. The one that irritated me the most did all of these, in no particular order:
>
> 1) meta-refresh with zero time delay and a new url
> 2) self-submitting form - i.e. a preloaded form with "form.submit();" at the end of the html, between script tags
>
> 3) self-submitting form - another preloaded form, but with "onLoad=form.submit();" in the html BODY tag
> 4) in script tags, change the page location via: top.location="newurl"
>
> 5) as above, but use "top.href", or "page.href" or something similar.
> I'm not knocking your efforts - you've already done more than I ever did towards a generic webpage check. I just think that the above are going to be tricky to handle in an automated way without replicating a large fraction of a web browser. But, now at least they're documented in the mailing list for anyone interested in doing their own web checks... :)
1: I think my new method would handle that, though I'll have to double-check.
2-5: Wow...
> As for the javascript part, that is a bit more difficult.
>
>
> Especially when the page you just downloaded creates the form POST url on-the-fly from some of the form elements filled in by the user. Yep, saw that happen too... Another weird page ran a java function to generate a random character string to include in the url - luckily the function wasn't too hard to extract and shove through the spidermonkey javascript interpreter... :)
There are some really weird websites out there...