Sogou, 360, travel, window of the century and other browsers "@" characters are not filtered or phishing

Sogou, 360, travel, windows of the century, and other browsers are similar!
 
The software was originally developed based on the IE6 kernel system.
 
IE6 has already been updated
 
Now open http://www.baidu.com @ 2cto.com in IE6 to echo the syntax error message
 
The "@" character is filtered
 
However, there are no echo errors in browsers such as sogou, 360, travel, and window of the century.
 
Instead jump directly to the address http://2cto.com
 
Suppose a Forum supports HTML code.
 
The post content is: & lt; a href = "https://mybank.icbc.com.cn/icbc/perbank/regtip.jsp@www.sina.com.cn/" & gt; http://www.icbc.com.cn/</a>
 
So if the user is using one of the preceding browsers, the information displayed is the http://www.icbc.com.cn
 
But the actual address you click to enter is www.sina.com (what if it is a phishing address ......)
 
Proof of vulnerability:
Suppose a Forum supports HTML code.
 
The post content is: & lt; a href = "https://mybank.icbc.com.cn/icbc/perbank/regtip.jsp@www.sina.com.cn/" & gt; http://www.icbc.com.cn/</a>
 
So if the user is using one of the preceding browsers, the information displayed is the http://www.icbc.com.cn
 
But the actual address you click to enter is www.sina.com (what if it is a phishing address ......)
 
Solution:
Filter out.
 
 
Author Litteryi