First post here when I found this topic - I'm a web dev and new to Opera and have now adopted it since it is the ONLY browser with its salt: Chrome now barely qualifies as a real browser since it cannot run all JavaScript environments correctly, and often the renderer freaks out at pretty basic stuff; Firefox is excellent except for memory leaks and ridiculous consumption of resources and memory. Internet Explorer - well, it historically has never been a real browser, but now is a lot better - not as good as Firefox, but certainly better than Chrome in many aspects.
Anyhoo, so Opera is without doubt the best browser at this point. But this querystring business actually represents a massive security flaw I wanted to make you aware of, and I was dismayed to read how callously some devs dismissed this, so I hope here to detail an attack vector I might use and how this querystring actually puts Opera users at risk and needs resolving ASAP.
- Attack Vector
I may have a search page on a website (or some sort of input that accepts a querystring and renders out my input as (for instance!) "you searched for ...") which - if not sanitised correctly - allows me to inject an iframe using XSS like so:
mysite.com/search?q=<iframe src= ... ...
(obviously would need encoding in most cases to succeed).
So suppose my new section of this page is styled to look exactly like the website the user /believes/ they are on - I could render the same markup as their login page (except it now points to a URL I can control - so I will log them in, but secretly keep a copy of the details used as a man-in-the-middle attack here).
In Opera, as a user I would have no way of knowing since I cannot even see the querystring! Even though I'm security conscious and would immediately think "What the...?" at the URL, now I will not, and will quietly hand over my login details, which I would not have done had I been using any other browser.
This is just one scenario, but I can think of MANY more. I'm saying this because firstly I believe Opera to be the best browser at the moment - and this is my one and only bugbear so far, that I would go as far as to say represents a security risk to the end user, by obfuscating the true URL, thereby allowing greater prospects for social engineering in creating XSS attacks.
Would appreciate this being fixed, so I can confidently say "Best browser" without caveat!
Thanks
thefraj
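
The scenario in the post above, seen from the defending site's side, as an added example that is not part of the original post: a search page that echoes `q` unescaped next to one that HTML-encodes it, plus a comparison of the full URL with what an address bar that hides the query string displays. The host names, function names and the sample URL are constructed for illustration.

```javascript
// Added example: all names and the sample URL are constructed.

// Encode the HTML-significant characters so input is rendered as text.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the query value is echoed into the page unchanged,
// so markup in the query string becomes markup in the page.
function renderSearchUnsafe(q) {
  return `<p>You searched for ${q}</p>`;
}

// Hardened: the same output with the value encoded for an HTML text context.
function renderSearchSafe(q) {
  return `<p>You searched for ${escapeHtml(q)}</p>`;
}

// What an address bar that hides the query string would show the user.
function displayedUrl(fullUrl) {
  const u = new URL(fullUrl);
  return u.host + u.pathname;
}

// Names of query parameters whose decoded value contains angle brackets,
// i.e. the part of the URL the user would need to see to get suspicious.
function suspiciousParams(fullUrl) {
  const hits = [];
  for (const [name, value] of new URL(fullUrl).searchParams) {
    if (/[<>]/.test(value)) hits.push(name);
  }
  return hits;
}

// Constructed sample link with a percent-encoded iframe in q.
const SAMPLE =
  "https://mysite.example/search?q=%3Ciframe%20src%3D%22https%3A%2F%2Fother.example%2Flogin%22%3E%3C%2Fiframe%3E";

const q = new URL(SAMPLE).searchParams.get("q");
console.log("address bar :", displayedUrl(SAMPLE));
console.log("flagged     :", suspiciousParams(SAMPLE));
console.log("unsafe page :", renderSearchUnsafe(q));
console.log("safe page   :", renderSearchSafe(q));
```

With the query hidden, the displayed address is identical for a benign search and for the constructed link, so the encoding on the server is the control that has to hold.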