Detecting if a cross-site page triggered a navigation (or didn’t) can be useful to an attacker. For example, a website may trigger a navigation in a certain endpoint depending on the status of the user.

To detect if any kind of navigation occurred, an attacker can:

- Use an iframe and count the number of times the onload event is triggered.
- Check the value of history.length, which is accessible through any window reference. This provides the number of entries in the history of a victim that w...
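A defender-side check for the two channels listed above, as an added example that is not part of the original page: it reads an endpoint's response headers and reports whether a cross-site page could still frame the response (the onload-counting channel) or keep a window reference to it (the history.length channel). It assumes framing restrictions (X-Frame-Options, CSP frame-ancestors) and Cross-Origin-Opener-Policy are the controls in use; the function names and sample header sets are constructed for illustration.

```javascript
// Added example; the header sets at the bottom are constructed samples.
function normalize(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

// Source list of CSP frame-ancestors, or null when the directive is absent.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources.map((s) => s.toLowerCase());
  }
  return null;
}

// True when a cross-site page cannot load the response inside an iframe.
function framingBlocked(h) {
  const fa = frameAncestors(h["content-security-policy"]);
  // When frame-ancestors is present browsers ignore X-Frame-Options. Only
  // 'none'/'self' count as blocked here; host lists need manual review.
  if (fa !== null) return fa.every((s) => s === "'none'" || s === "'self'");
  return ["deny", "sameorigin"].includes((h["x-frame-options"] || "").toLowerCase());
}

// True when COOP isolates the page so a cross-site opener loses its window reference.
function openerSevered(h) {
  const coop = (h["cross-origin-opener-policy"] || "").split(";")[0].trim().toLowerCase();
  return coop === "same-origin" || coop === "same-origin-allow-popups";
}

// Lists which of the two observation channels stay open for these headers.
function auditNavigationLeakSurface(rawHeaders) {
  const h = normalize(rawHeaders);
  const open = [];
  if (!framingBlocked(h)) open.push("iframe-embeddable");
  if (!openerSevered(h)) open.push("window-reference-retained");
  return open;
}

const SAMPLES = {
  bare: { "Content-Type": "text/html" },
  framingOnly: { "X-Frame-Options": "SAMEORIGIN" },
  hardened: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
              "Cross-Origin-Opener-Policy": "same-origin" },
};
for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, auditNavigationLeakSurface(headers));
}
```

An empty result means neither channel is reachable through these headers; a frame-ancestors host list is reported as embeddable so that it gets a manual look.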