Ruby, Rails, Firefox, Anime, Mac
In: Browsers, 10 Dec 2003
IE has a new security flaw which will be a major boon to spammers and fraudsters. This flaw allows spoofing of URLs via the http://user@domain notation. For example, a fraudulent spammer could direct victims to http://firstname.lastname@example.org, but have it show up as http://www.paypal.com&sessionid%123456789 (of course, the fraudulent webpage has to be convincing enough to fool victims into believing they are actually at PayPal!). This works because by including a 0x01 character after the “@” character, IE hides the real location of the page!
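As an added example (not from the original post), here is a small Python check that a mail or proxy filter could use to recover the host a browser would actually connect to and flag the user@host trick described above; hosts such as evil.example are constructed placeholders.

```python
"""Flag URLs that use the http://user@host form to disguise their real host.

Added example, not from the original post. Sample URLs are constructed
for illustration; evil.example is a placeholder host.
"""
from typing import List
from urllib.parse import unquote, urlsplit


def real_host(url: str) -> str:
    """Return the host a browser actually connects to.

    Everything before the last '@' in the authority is userinfo
    (username[:password]) and plays no part in choosing the server.
    """
    netloc = urlsplit(url).netloc
    hostport = netloc.rsplit("@", 1)[-1]      # text after the final '@'
    return hostport.split(":", 1)[0].lower()  # drop any :port


def spoof_indicators(url: str) -> List[str]:
    """Return reasons this URL looks like a host-spoofing lure (empty if none)."""
    reasons: List[str] = []
    netloc = urlsplit(url).netloc
    if "@" not in netloc:
        return reasons
    userinfo = unquote(netloc.rsplit("@", 1)[0])  # decode %01 etc.
    reasons.append("userinfo present; visible prefix %r is not the host" % userinfo)
    # A control character (the post's 0x01) in the userinfo is what
    # caused the affected browser to hide the rest of the address bar.
    if any(ord(c) < 0x20 for c in userinfo):
        reasons.append("control character in userinfo")
    # A dotted name in the userinfo is the classic 'looks like a site' lure.
    if "." in userinfo:
        reasons.append("userinfo resembles a hostname: %r" % userinfo)
    return reasons


if __name__ == "__main__":
    for u in ("http://www.paypal.com/", "http://www.paypal.com%01@evil.example/"):
        print(u, "->", real_host(u), spoof_indicators(u))
```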
To see it in action, fire up IE and check out this demonstration.
Source: Simon Willison