OWASP O2 Platform Blog

Weird behaviour with IE’s about:blank

Usually I use about:blank when wanting to open a blank page in a browser. Today I noticed an interresting behaviour in the embeded IE object that I use in O2 (via WatiN).

What happens is that if we don’t use ‘blank‘ and use other text (for example about:AAAA), that other text will be displayed in the page (in this case AAAA).

What is interresting is that it supports HTML tags, which means that opening the url “about:<h1>hello</h1>” will show the word hello under the h1 style.

Here is a quick O2 script that replicates this behaviour:

var topPanel = panel.clear().add_Panel();
var ie = topPanel.add_IE().silent(false);

ie.open("about:testing");

this.sleep(1000);

ie.open("about:<script>document.write('dynamic script')</script>");

this.sleep(1000);

ie.open("about:<script>alert('interresting...')</script>"); 
//these ones don't work from here
//ie.open(@"about:<iframe src='http://google.com' width=400 height=100> </iframe>");   
//ie.open(@"about:<iframe src='\C:\O2\Demos\testFile.txt' width=400 height=100> </iframe>");   
return "done";

//O2File:WatiN_IE_ExtensionMethods.cs
//using O2.XRules.Database.Utils.O2
//O2Ref:WatiN.Core.1x.dll

Note that this doesn’t seem to work on normal IE, Chrome or Firefox (I only saw it in action in the embeded IE)

November 30, 2011 - Posted by | IE Automation

3 Comments »

  1. I remember using that very feature back in the days of Delphi 3 in maybe 1998-99. It was very useful if you were embedding a browser in your app.

    Comment by Ade | November 30, 2011 | Reply

    • Yeah, I’ve actually already used it a couple times in that scripting environment since it is a faster way to directly load HTML into the browser IE object 🙂

      Comment by Dinis Cruz | January 13, 2012 | Reply

  2. This feature was disabled in IE itself in IE7 but was left in the Web Browser Control for legacy compatibility.

    Comment by ericlaw1979 | January 26, 2012 | Reply


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: