|
|
|
|
|
|
by Xeanort
2857 days ago
|
|
|
You are right that they cannot be added to History, but the code used here changes the back button functionality with $(window).on('popstate', function() {
window.location.href = 'https://example.com';
});
I just tested it and it works with different domain in latest Firefox. |
|
|
That's not really an issue for this particular attack though, which relies on the reverse scenario: the user remaining on the current domain when they expected to navigate back to the third party search engine.