Topic: "omg !!" (page 1 of 1)

giGGles
this is crazy??
http://www.holux.com/product/search.htm?filename=gpsreceiver_bluetooth_gpslim236.htm&target=gpsreceiver00&level=grandsonson
+++++++++++++++++
function loadTarget(){
if ((filename!="")&(target!="")&(level!="")){
parent.mainFrame.location.href = filename+"?target="+target+"&level="+level;
}
}
+++++++++++++++++

=>http://www.holux.com/product/search.htm?filename=http://www.yahoo.com&target=search&level=search


unknown user
no not crazy.

it's not entirely harmless. But everything interesting happens on the client side,
and within the right context.

You could make a website, and appear to be html injecting, this could
fool some people, and allow you to steal information.

But the technology does not allow you to execute any code on the remote host,
nor is it RFI or LFI.

javascript is also not executed with the credentials of the site, so ..

besides url spoofing .. it doesn't really do you much good imho
Degenerate
any chance someone can explain what this code does exactly? Is it just a way for pretending to be another url or what? Sorry for my ignorance... :)
Degenerate
Nevermind... I didn't notice the second link you had put, makes more sense to me now :)
unknown user
if ((filename!="")&(target!="")&(level!=""))


for the record to avoid confusion, and easy mistakes,
they should have used the logic && instead of the binary
&. Just good practice.
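Added example, not part of the thread and not the site's own code: a hardened take on the URL building that loadTarget() does, which only accepts a bare page name for filename so the frame cannot be pointed at another site. The names buildFrameUrl and ALLOWED_FILE and the allowed filename pattern are assumptions made for illustration.

```javascript
// Added example: validate "filename" before it is used as a frame location.
// buildFrameUrl and ALLOWED_FILE are hypothetical names, not from the site.

// Assumed policy: a bare page name only, so no scheme, no slashes, no "..".
const ALLOWED_FILE = /^[A-Za-z0-9_-]+\.html?$/;

function buildFrameUrl(search, base) {
  const params = new URLSearchParams(search);
  const filename = params.get("filename") || "";
  const target = params.get("target") || "";
  const level = params.get("level") || "";

  // Same emptiness check as the original, written with && rather than &.
  if (!(filename !== "" && target !== "" && level !== "")) return null;

  // "http://...", "//host/..." and "javascript:..." all fail this test.
  if (!ALLOWED_FILE.test(filename)) return null;

  // Resolve against the page's own URL and confirm the origin is unchanged.
  const dest = new URL(filename, base);
  if (dest.origin !== new URL(base).origin) return null;

  // Let the URL API encode target and level instead of concatenating strings.
  dest.searchParams.set("target", target);
  dest.searchParams.set("level", level);
  return dest.href;
}

// In the page itself (browser only):
// const url = buildFrameUrl(location.search, location.href);
// if (url) parent.mainFrame.location.href = url;
```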
