It appears that FireFox 1.6 will have an additional attribute added to the Anchor tag called “Ping”. This feature will let the browser send a notification ping to the URL specified for the Ping attribute. The intent of the attribute is to improve page load performance and provide sites a mechanism for link tracking.
I don’t know about you, but when I put my evil QA hat on I’m thinking that this could be a nice little feature that could gain me more pings/hits to my site. If I set the ping attribute to qainsight.net for every link I put on my page, I could get an extra hit for link clicked; more hits equals more Google Adsense revenue… Okay, the hat is off now, the evil Brent is gone (I won’t be doing that).
I haven’t installed FireFox 1.6 to test this but I’m imagining my evil code would look something like this:
<a href=”http://weblogs.mozillazine.org/darin/archives/009594.html” ping=”http://qainsight.net”>Link to Fried Fish</a>
Can you think of any other exploits?