tags:

views:

40

answers:

2
+1  Q: 

Is there a way to tell the browser to bookmark a different URL than is in the address bar?

I have an application that utilizes rather unfriendly dynamic URLs most of the time. I am providing friendly URLs to some content, but these are used only as an entry point into the application, after which point all of the generated URLs will be the unfriendly variety.

My question is, if I know that the user is on a page for which a friendly URL could be generated and they choose to bookmark it, is there a way to tell the browser to bookmark the friendly one instead of what is in the address bar?

+1  A: 

I had hoped that rel="canonical" would help here, but it seems as if it's only used for indexing. Maybe one day browsers will utilise it.

Alan  2010-08-31 14:57:48
+1 because while this doesn't solve the question, I need exactly this functionality anyhow for search engine indexing.
bgould  2010-08-31 15:08:04
+1  A: 

No. This is by design, and a Good Thing.

Imagine the following scenario: Piskvor surfs to http://innocentlookingpage.example.com/ and clicks "bookmark". He doesn't notice that the bookmark he saved points to http://evilsite.example.net/ Next time he opens that bookmark, he might get a bit of a surprise.

Another example without cross-domain issues: Piskvor the site admin clicks "bookmark" on the homepage of http://security-holes-r-us.example.org/ - unfortunately, the page is vulnerable to script injection, and the injected code changes the bookmark to http://security-holes-r-us.example.org/admin?action=delete&what=everything&sure=absolutely . If he's still logged in the next time he opens the bookmark, he may find his site purged of data (Granted, it was his fault not to prevent script injection AND to have non-idempotent GET resources, but that is all too common).

Piskvor  2010-08-31 15:06:36
I agree with the scenario that you describe, but I'm not trying to cross domains here, so I don't think that this is any more dangerous that domain-scoped cookies or SOP on xmlhttprequest.
bgould  2010-08-31 15:13:26
@bgould: Indeed. I know that you mean no harm, and you know it; but trust is one of the hardest things to put into code, the Right Way and without security holes. It's much easier (and subsequently safer) to code "this is not allowed, ever" than "this is not allowed, except when X, and also Y, but not when Y and Z, and during a full moon".
Piskvor  2010-08-31 15:15:23

related questions

Make Browser Window Blink in Task Bar
Large File Download
Browser's Default CSS
Disable browser 'Save Password' functionality
What's the simplest way to decremement a date in Javascript by 1 day?
Browser scrollbar
Limitations of screen readers.
Version detection with Silverlight
Best way to fix CSS/JS drop-down problem in IE7 when page includes Google Map
Recommendations for browser add-on tools to help with development
Hyperlinks displaced on IE7
Building Standalone Applications in JavaScript
HTML differences between browsers
Browser Sync accross many machines
Getting selected text in a browser, cross-platform.
How to get PNG transparency working in browsers that don't natively support it?
Best WYSIWYG CSS editor?
Javascript events
Preferred way to use favicons?
IE6: To support or not to support.
Getting the text from a drop-down box
Other browsers
Drag and Drop to a hosted Browser control
How can I tell if a web client is blocking ads?
How can I determine a web user's time zone?