

Apple Safari URL Spoofing - _jomo
http://www.deusen.co.uk/items/iwhere.9500182225526788/

======
_jomo
The code used for this bug is very simple:

    
    
        setInterval(function(){ location="http://www.dailymail.co.uk/home/index.html?random=" + Math.random() }, 10)
    

I assume this is what happens:

It redirects to a new URL every 10ms. The page isn't loaded within these 10ms
and it's already redirecting to a new URL. Safari immediately shows the URL's
domain while the page is loading.

The random part is probably required because Safari wouldn't cancel loading if
it's redirected to the same URL twice.

