I don't think you understand what a referer is? In terms of an http request anyway.. referer is one of the fields sent by the client to the server basically saying "Hi, this is where I'm coming from, so in theory this page is linking to you". Let's say that field is filled with www.google.com/
So now the web server looks at it and says "Ah, cool, google is linking to me".. and in the case of some happy blog owner he now has a script generate that on his weblog..
"hey look guys, I'm getting traffic from www.google.com".. but see, he doesn't actually do this by hand, just gets the referring url from the http request.
Now the bad guy takes that request and modifies it to instead of the link have a line of javascript like say.. <script>top.top.location.href=bignastypornsitecom';</script> and goes off and hits the weblog with this modified request (his own request, not someone else's).
The weblog owner has this scripted so he doesn't see that this isn't a real referer and happily displays it on his page.. at which point this referer acts like any javascript would when embedded in html.. it redirects. -- daily madness
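The weblog-side fix for the problem described in the post above, as an added example that is not part of the original thread: the first function pastes the Referer header straight into the page, the second accepts only plain http(s) URLs and HTML-escapes them before output. The function names and sample Referer values are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed sample Referer values, as a weblog script might collect them.
SAMPLE_REFERERS = [
    "http://www.google.com/",
    "<script>/* constructed test value */</script>",
    "javascript:void(0)",
    'http://example.com/"><b>x</b>',
]

def render_unsafe(referers):
    """The pattern from the post: header text pasted straight into HTML."""
    return "".join(f"<li>{r}</li>" for r in referers)

def clean_referer(value, max_len=200):
    """Return the value if it is a plain http(s) URL, else None."""
    # Reject over-long values and anything with spaces or control characters.
    if len(value) > max_len or any(ord(c) < 0x21 or ord(c) == 0x7F for c in value):
        return None
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    # Only web URLs with a host are worth listing; this drops javascript: etc.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return value

def render_safe(referers):
    """Validate each value, then escape it for both text and attribute context."""
    items = []
    for r in referers:
        url = clean_referer(r)
        if url is None:
            continue  # not a plain web URL: do not display it at all
        esc = html.escape(url, quote=True)  # escapes < > & " and '
        items.append(f'<li><a href="{esc}" rel="nofollow noopener">{esc}</a></li>')
    return "".join(items)

if __name__ == "__main__":
    print(render_unsafe(SAMPLE_REFERERS))
    print(render_safe(SAMPLE_REFERERS))
```

Validation alone is not enough: the last sample is a valid http URL that still carries markup, and only the escaping step keeps it from being rendered as HTML.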
bluebearMX
Yeah, I know what a referrer is. I've used it before in ColdFusion. I just didn't understand what the javascript code injection was all about. I understand everything you're saying now. Thanks to imp's PMs and you. -- AZIZAVENUE - For Macromedia Enthusiasts Bezworks Design Featured Client