Jeremy was kind enough to share a "live WTF" with us all. Although I receive a fair number of submissions that point to a publicly accessible website, I rarely link to the site in question. As bad as it is that Mom-And-Pop-Store.com has a "SqlString" parameter on their viewProduct page, I doubt they'd appreciate it if someone went and replaced "SELECT ... WHERE ProductId=43" with "DROP DATABASE". Not that any of you would do that or anything.
Today's example comes straight from Marlboro.com and is best experienced with Firefox. Go ahead. Click it. I'll wait.
... back? OK, good. Now, if you were using something other than Internet Explorer, you likely experienced a familiar sight: a blank page as a result of the site being coded for IE only. In and of itself, that's not too big of a deal, even for #20 on the Fortune 500 List, Philip Morris Altria.
What inspired me to share this with you today was the unique way that Marlboro.com redirects visitors to the actual content page. Consider that, normally, if one wanted to redirect visitors from one page to another, he'd use one of the following techniques:
- Sending an HTTP 300 "Redirect Response" from the server
- Using the "Refresh" META Tag in HTML
Apparently not content with any of these fairly standard ways of redirection, the folk(s) behind Marlboro.com decided to use the following:
- Programmatically setting the HREF property of a hyperlink on the page and then executing the (IE-Only) click() method on that hyperlink
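To make the difference concrete, here is an added example (not code from Marlboro.com or from the original post) that classifies how a fetched page redirects without executing its script. The sample responses, the `go` element id and the `/home.html` target are constructed for illustration.

```javascript
// Classify the redirect mechanism of a response without running any script.
// A client that lacks the IE-only click() method sees only what this sees.
function findRedirect({ status, headers = {}, body = "" }) {
  // 1. Server-side: a 3xx status plus Location is handled by the HTTP
  //    client itself; no markup or script is involved.
  const location = headers.location || headers.Location;
  if (status >= 300 && status < 400 && location) {
    return { kind: "http", target: location };
  }
  // 2. Markup-only: <meta http-equiv="refresh" content="0; url=...">
  for (const tag of body.match(/<meta\b[^>]*>/gi) || []) {
    if (!/http-equiv\s*=\s*["']?refresh/i.test(tag)) continue;
    const content = /content\s*=\s*(?:"([^"]*)"|'([^']*)')/i.exec(tag);
    const value = content ? (content[1] || content[2] || "") : "";
    const url = /;\s*url\s*=\s*['"]?([^'"]+)/i.exec(value);
    if (url) return { kind: "meta-refresh", target: url[1].trim() };
  }
  // 3. Script-driven: an href is assigned in script and click() is invoked.
  //    The target only exists after the script runs, so it is reported as
  //    unknown; if click() is unsupported, the visitor stays on this page.
  if (/<script\b/i.test(body) && /\.href\s*=/.test(body) &&
      /\.click\s*\(\s*\)/.test(body)) {
    return { kind: "script-click", target: null };
  }
  return { kind: "none", target: null };
}

// Constructed sample responses, one per technique.
const samples = {
  http: { status: 302, headers: { location: "/home.html" }, body: "" },
  meta: {
    status: 200,
    body: '<html><head><meta http-equiv="refresh" ' +
          'content="0; url=/home.html"></head></html>',
  },
  click: {
    status: 200,
    body: '<html><body><a id="go"></a><script>' +
          'var a = document.getElementById("go"); ' +
          'a.href = "/home.html"; a.click();</script></body></html>',
  },
};

for (const [name, response] of Object.entries(samples)) {
  console.log(name, findRedirect(response));
}
```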
Though you can view this for yourself at Marlboro.com, presented below is the HTML source of the page ....