Published 18 years 11 months ago • Last updated March 22, 2025 • ⏱️ < 1 min read
I've found yet another hole in Safari, this one leaks search queries or anything in the query string. It works by setting the javascript property "host" and redirects an open window to a page which will display the search query.
Tested on Safari 2.0.4 on mac and Safari 3.02 beta on windows.