bug-gnuzilla

Re: What triggers "A script modified the host part ..." warning?


From: Giuseppe Scrivano
Subject: Re: What triggers "A script modified the host part ..." warning?
Date: Thu, 10 Jan 2008 12:44:52 +0100
User-agent: Thunderbird 2.0.0.9 (Windows/20071031)

novakyu wrote:
> Well, it's just simple <a href=" ... "> It uses relative links. :)
> There's one exception. I do use Apache's Rewrite module to hide the
> fact that some of the pages are served by a python script (a classic
> security-by-obscurity ;) ), and this is the relevant portion of
> .htaccess:
>
>   RewriteEngine on
>   RewriteBase /
>   RewriteRule ^posts.shtml(.*) cgi-bin/posts.py
>   RewriteRule ^posts-add.shtml(.*) /cgi-bin/restricted/posts-add.py
>   RewriteRule ^blog.shtml(.*) cgi-bin/blog.py
>   RewriteRule ^blog-add.shtml(.*) /cgi-bin/restricted/blog-add.py
>
> But I don't think the browser could detect that (other than the fact
> that it's passing GET variables to a static page), even if it wanted
> to.

In any case, the browser doesn't know if a page is a static page or a dynamic page. All these rules are not visible outside; the browser doesn't know anything about them. Moreover, they don't modify the host part of the URL.

> Hm. You are right. I guess I didn't notice that the status-bar link
> changed after I click on it or ... even after I simply copy the link
> (by right-clicking). Then the question is ... should IceCat be warning
> me about that now? Because it's not.

That is exactly the behaviour we want to report to users.

If you copy the link and paste it in the browser, then you see it and you know what you are requesting. The browser can't detect this behaviour, for example, if you request a page like:

http://www.bad.site.com/track.me.html?redirect=my.real.site.com

It looks like, and it is, a regular HTTP request.

Giuseppe
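
The distinction drawn in this message, as an added example that is not part of the original e-mail and is not IceCat's code: a check that compares the host a link resolved to when it was shown with the host it has at click time. The function names, the page URL and the sample links are constructed for illustration; only the track.me.html URL comes from the message, and treating an unparseable link as a warning is an assumption of this sketch.

```javascript
// Added example with hypothetical helper names; not IceCat's implementation.

// Resolve href against the page URL (so relative links work) and return
// its host part, or null when the href cannot be parsed.
function hostOf(href, base) {
  try {
    return new URL(href, base).host.toLowerCase();
  } catch (e) {
    return null;
  }
}

// Compare the host seen on hover with the host present at click time.
function checkLink(base, hrefAtHover, hrefAtClick) {
  const before = hostOf(hrefAtHover, base);
  const after = hostOf(hrefAtClick, base);
  if (before === null || after === null) {
    return { warn: true, reason: "unparseable link" }; // assumption: fail closed
  }
  if (before !== after) {
    return { warn: true, reason: `host changed from ${before} to ${after}` };
  }
  return { warn: false, reason: "host unchanged" };
}

// Constructed sample input.
const PAGE = "http://my.real.site.com/index.shtml";
const REDIRECT =
  "http://www.bad.site.com/track.me.html?redirect=my.real.site.com";

function runCases() {
  return {
    // Relative link, untouched by any script: nothing to report.
    relativeUnchanged: checkLink(PAGE, "posts.shtml?id=3", "posts.shtml?id=3"),
    // A script swaps the href when the user clicks: host part differs.
    rewrittenOnClick: checkLink(PAGE, "http://my.real.site.com/", REDIRECT),
    // The link pointed at the redirecting page all along: a regular
    // request, so a host comparison has nothing to flag.
    redirectFromStart: checkLink(PAGE, REDIRECT, REDIRECT),
    // Same host written differently (case, relative path): no warning.
    sameHostOtherForm: checkLink(PAGE, "http://MY.REAL.SITE.COM/a", "/b"),
    // Malformed href at click time.
    malformed: checkLink(PAGE, "posts.shtml", "http://[bad"),
  };
}

for (const [name, result] of Object.entries(runCases())) {
  console.log(name, result.warn ? "WARN" : "ok", "-", result.reason);
}
```
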



