-----from FullDisclosure ----


multiple web browsers, multiple bugs - onUnload


WARNING: please open a new browser instance for it.


Try http://www.informatik.uni-frankfurt....iclan/location


The page is SUPPOSED to prevent going to somewhere else by changing
the URL back in onUnload (even that is already a reason to disable
JavaScript).


The interesting part is: depending on browser, you see different bugs.


Konqueror: an endless loop of alert boxes, seems to have crashed GNOME
(killing konqueror did not make GNOME usable).


Mozilla, Netscape 7 or Firefox: almost works correctly. Except for two
small bugs: View source shows the source of Google or where you TRIED
to go to, while you SEE the unload-trap page. The other bug: when you
close the browser window, onUnload is executed TWICE (you see two
alert boxes, with the number increasing) and the new page is loaded,
but not displayed. But the view-source bug somehow looks suspicious.
Do other parts of Mozilla think it was another website too?


IE (according to someone on IRC, not verified by me): seems to work
perfectly. For one time. Sometimes it goes to google, displays Google,
but shows the www.informatik.uni-frankfurt.de URL in the location bar.
Entering a search expression then uses the wrong domain name. Could
perhaps be used for reading content from "foreign" web sites, didn't
try.

more

it works on ie6+winxp.pro.ed with all the latest updates but i have not tested other browsers.


..