This may seem very trivial but for some reason I think there is more here. In some tests I did this morning I realized that IE doesn’t handle URL-encoded strings very well if they aren’t encoded properly. A normal URL encoding for a quote (") might look like %22. If you replace the two hex digits after the % with characters that aren’t valid hex digits (%-- for example), IE freaks out and doesn’t even attempt to load the page in question.
Instead it responds with an error message saying something like “Windows cannot find ‘http://ha.ckers.org/%--’. Please check the spelling and try again.” Okay, error messages are interesting but noisy. How can we suppress them? We’ll get to that in a sec. Before we get there, let’s create a URL to a valid image on my server: http://ha.ckers.org/%--/../images/kcpimp.jpg and throw that into IE’s URI field. Weird, it works, even though it doesn’t work if you use the smaller string: http://ha.ckers.org/%--
Okay, but let’s try throwing that string into an image tag: <IMG SRC="http://ha.ckers.org/%--/../images/kcpimp.jpg">
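The two URLs above differ only in whether a ".." segment follows the malformed escape. As an added example (not code from the original post), the sketch below flags escapes that are not "%" plus two hex digits and applies RFC 3986 dot-segment removal to the raw path. That dot-segment removal is the reason the longer URL loads is an assumption the post does not state, and the function names are hypothetical.

```javascript
// Added example. Function names are hypothetical; the URLs are the post's own.

// A well-formed escape is '%' followed by exactly two hex digits.
function malformedEscapes(s) {
  const bad = [];
  for (let i = s.indexOf('%'); i !== -1; i = s.indexOf('%', i + 1)) {
    if (!/^[0-9A-Fa-f]{2}$/.test(s.slice(i + 1, i + 3))) bad.push(s.slice(i, i + 3));
  }
  return bad;
}

// Dot-segment removal (RFC 3986, section 5.2.4) on a raw, undecoded absolute path.
function removeDotSegments(path) {
  const segs = path.split('/');
  const out = [];
  segs.forEach((seg, n) => {
    const last = n === segs.length - 1;
    if (seg === '..') {
      if (out.length > 1) out.pop();   // never pop the leading root ''
      if (last) out.push('');          // "/a/.." becomes "/"
    } else if (seg === '.') {
      if (last) out.push('');
    } else {
      out.push(seg);
    }
  });
  return out.join('/');
}

// Split off the path and report malformed escapes before and after normalization.
function analyze(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/[^\/?#]*([^?#]*)/i.exec(url);
  if (!m) throw new Error('not an absolute hierarchical URL: ' + url);
  const rawPath = m[1] || '/';
  const normalizedPath = removeDotSegments(rawPath);
  return {
    rawPath,
    normalizedPath,
    malformedRaw: malformedEscapes(rawPath),
    malformedNormalized: malformedEscapes(normalizedPath),
  };
}

for (const u of ['http://ha.ckers.org/%--',
                 'http://ha.ckers.org/%--/../images/kcpimp.jpg']) {
  console.log(u, JSON.stringify(analyze(u)));
}
```

For the second URL the malformed escape is present in the raw path but gone from the normalized one, so a filter or log rule that validates escapes only after normalization never sees it.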