
Google Researcher Dissects Sophos Antivirus Software - gulbrandr
http://www.darkreading.com/taxonomy/index/printarticle/id/231300463
======
genieyclo
Interesting that they put the referrer url at the top of the page for some
reason. And they don't allow you to view the source of the page, <C-u> goes
and redirects you to the article again. Why?

~~~
waterhouse
Seems strange to me that Chrome allows such a thing to happen at all (the fact
that "view source" redirects to the page itself).

Why does it re-download the page, in fact, rather than just displaying the
source of the page as already downloaded (given that you're currently viewing
that page)? I suppose there is the sort of notion that "view-
source:<http://..>. is a URL and is accessed like any other, but couldn't it
load the cached copy when you first call the "view source" command?

Oh well, curl gets the job done. <http://pastebin.com/GkeBmj9u> Wonder what
I'd do if I wanted to view the source of a page that required some kind of
cookie to access. Eh, maybe the "developer tools" thing; but "view source"
kind of is a developer tool, and at any rate should do what its name suggests.

[It seems, by the way, that Firefox does everything I've been asking for here,
_except_ for making it clear that "view-source:<http://..>. is a URL. It does
handle such a URL, but when you run the "view source" command, it brings up a
new window with no visible URL bar, and only by an adventurous guess and
analogy with Chrome did I find that that URL worked.]

~~~
Flow
Sounds to me like the view-source running something from the page could
possibly be used a domain-escaping bug. Just a gut feeling though.

~~~
JonnieCache
Pulling it with curl shows there are no scripts in the page. Even if I use a
chrome UA header. Curious.

No funny response headers either.

