To create such a bug, start off with a simple link tag: <a href=""> </a>
And since this is a spoofing bug, it could be used for phishing or luring unsuspecting users into clicking malicious URLs.
Click on any URLS below for demonstration. See the underlying source code to see how the URL spoofing works. And yes, all links are safe.
Pop a message box
- IE 6, Windows XP SP2
- Firefox v1.0.7, Windows XP SP2