[whatwg] Proposal: target="_reference"

Philip Taylor wrote on 27/04/08 18:30:
>...
> IE6 supported target=_search and target=_media, to open pages in
> sidebars (closable panes at the side of the browser window). Nobody
> uses those target values (in 130K pages I see 3 pages with either),
> and http://msdn2.microsoft.com/en-us/library/ms534659(VS.85).aspx says
> _media was dropped in XP SP2 and _search was dropped in IE7 ("for
> security reasons"). _reference sounds functionally very similar, so
> how would it avoid those security problems

The problem with _media and _search was that if you gave them an invalid
URL, the resulting error page <res://blahblahblah> was in the "My
Computer" zone, but could still be manipulated (e.g. have malicious code
inserted in it) by the remote page. That could be avoided by not
treating error pages as being in the "My Computer" zone. I guess
Microsoft didn't bother with this because they knew that media was going
to be, and search already was, handled differently in IE7 anyway.

> and why would it be more successful in practice?

Because it would be cross-browser.

Cheers
-- 
Matthew Paul Thomas
http://mpt.net.nz/

Received on Sunday, 27 April 2008 11:06:59 UTC