by Zuiii
932 days ago
This could totally be used for phishing, right? Open a link in Gmail -> go to nasty site -> press back and see Google login page that's actually still the nasty site. Browsers should prevent cross-origin sites from seeing where the visitor came from (i.e. clear referrer). Also, why doesn't the back button disable any automatic (non-user-initiated) redirects on pages loaded that way? Seems like an obvious fix to the history loops we keep seeing.

Often, news aggregators add to URLs so the site knows where it came from, or it’s using a feed that already has that.
Now, that said, in an email, you can send links that encode that it’s coming from email, but you would get caught by the non-Gmail-using people suddenly seeing fake Gmail.