StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
6409439
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2011-06-20T09:48:41.357
FavoriteCount
0
LastActivityDate
2011-06-20T09:48:41.357
LastEditDate
LastEditorUserId
0
OwnerUserId
797453
ParentId
6395856
PostTypeId
2
Score
0
ViewCount
0
LastEditorDisplayName
text
Body
I've made some progress on this issue. Consider the following: <pre><code>http://www.google.com/%22%%203E%3Cscript%3Ealert%28123%29%3C%2Fscript%3%20E%22 </code></pre> The reason the browser leaves the URL unchanged in this case is that the server returns a HTTP 404 response, signifying that the resource cannot be found. In these cases, Firefox makes no change to the URL. If you instead try a URL that prompts a 200 OK response from Google, such as the following... <pre><code>http://www.google.com/?displayname=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E%22 </code></pre> ...you will find that FireFox will change the URL when the server responds with a changed URL. Try it yourself. In fact if you cut and paste the changed URL into an email, you'll find that the characters remain unchanged. This has nothing to do with what the server actaully responds with, apart from the HTTP reponse code. If the server responds with '404 Not found', FireFox elects to leave the URL in the address bar unchanged. If the server responds with '200 OK', FireFox elects to alter the URL, unescaping some of the characters presumably in an attempt to make the URL more readable. If the resource cannot be found, the logic is I guess that there's no point in doing this. I'm assuming you're using Firefox. In fact, browsers treat this case differently. I've tried typing this URL (the second one) into several browsers. I've summarised the results: Google Chrome Does the same as Firefox. Quotes and angle braces are displayed as normal characters, unescaped. Internet Explorer Leaves the URL unchanged, but presents a message warning about XSS and does not diplay the Google page. Opera Shows just 'www.google.com' in the address bar. Safari Leaves the URL unchanged. I hope this clears things up. One thing you can do to convince yourself of all of this is to run an HTTP debugging proxy like Fiddler. You can see that in each case what the server returns is identical, it is simply a matter of how each browser chooses to alter the URL when the server responds. Kind regards, James
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POWhy do FireFox and certain other browsers alter the URL in the address bar when the server responds
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USJames Smith
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.