|
|
|
|
|
|
by phkahler
1435 days ago
|
|
|
>> When you make an application, it's often useful to create a static identifier of the application state and push it on the back button... Like I said, I'm sure there are "reasons" for doing it. Put your own "back" button in the application then, don't take MY browser button and reconfigure it. The browser back button should go back in my browser history - including leaving an app, not where some web developer decides it should go. This is a giant security concern introduced for web developer convenience. |
|
|
This is only a security issue because the browser developers want it to be. There's nothing on the standard saying that when you click back, it should go to the previous link inserted by JS, or that there must be a single button for everything, or that every site is treated the same way.
Anyway, removing the quite useful possibility of the browser remembering the history of the usage of an application won't solve the issue of browser innovation being destroyed or of malicious sites using any loophole available to get something out of you. For that we need browsers and basic web infrastructure that are focused on supporting your needs, what the current crop clearly isn't.