However, I think if browsers had this, but off by default until seeing tags to enable it along with any exclusions, that would be great.
It's like pointing to a list of best practices and saying "everyone surely follows these."
For example, someone changed their signature to `[img]/logout.php[/img]` on a forum I posted on as a kid and caused chaos. The mods couldn't remove it because, on the page that lets you modify a user's signature, it shows a signature preview. Good times.
EDIT: For completeness, I have to add, that I am also part of the group of people who have violated that concept. Maybe neither frequently nor recently, but I did it too :-/
It's nothing to do with REST. It's part of the HTTP spec and has always been, that "GET and HEAD methods should never have the significance of taking an action other than retrieval".
> It's like pointing to a list of best practices and saying "everyone surely follows these."
It’s not a ‘best practice’ it’s literally the spec for the web.
Browsers take a more practical approach than "well, it's in the spec, they should know better" which is apparently what you're suggesting.
It's the same reason browsers will do their best to render completely ridiculous (much less spec-complaint) HTML.
User happens to brush over the logout button while using the site. On their next click, they're logged out. Weird. Guess I'll just log in again. Doesn't happen again for some time, but then it does. Weird, didn't that happen the other week? What's wrong with my browser? Oh cool, switching browsers fixed it. You're having that issue, too? Don't worry, I figured it out. Just switch browsers.