
Because there's a 300-comment thread on Hacker News[1], where people complain that modern web-apps don't respect the back button. (Those people want it to go 'back' in state, inside the webapp, instead of bouncing you back to the previous website they visited.)

They say that it's easy to build a webapp that correctly uses the back button, to go back in state inside the application.

What they don't realize is that it opens up the security hole outlined here. When you allow the page you're on to overwrite your back button's behaviour, you get shit like this.

[1] https://news.ycombinator.com/item?id=17767260



