June 30, 2004
Super Spoof Deluxe
Somebody said that truth is stranger than fiction. This, however, just defies imagination: it seems that Microsoft Internet Explorer allows JavaScript code to modify the contents of existing windows/frames, even when they are in a completely different domain! If you have a MSIE installation, try and view the demos - it's.. enlightening, I guess. Never again trust the URL bar, never again trust the page even when it *looks* genuine - or at least, never trust them if you're viewing the page with MSIE.
I've so far mostly refrained from IE-bashing and such, but this time there's absolutely no choice but to heartily recommend switching away from it - whether to Mozilla Firefox, Opera, Lynx, Safari, or just any other browser... just anything but MSIE! A couple of days ago, Yoz Grahame summarized the reason quite succintly in his discussion of Joel's web app ideas, and this part still has me laughing each time I reread it:
The current Javascript security philosophy can be easily summarised thus: "No." (And the IE/Win version can be summarised thus: "Well, okay, but just a little bit." (pause) "Hey! Come back here!")
Okay, me off soapbox. Just had to let it off. Sorry if I've spoiled a wonderful morning for ya, but... just had to say it.
Posted by roam at June 30, 2004 09:30 AM