Preloaded images with JavaScript

This document shows the back.gif and music.gif images. If you have JavaScript enabled, these should have been loaded by the previous ImgPreload.html page. The server's access log should now show a reference to this page, but should show no new GET for these images, because they should be in your browser's cache.
There are several important things to notice about this preloading:
If you have JavaScript enabled, this page should have loaded with little or no delay. The images were loaded into your browser's cache while you read the previous page, and don't need to be loaded again.
Why this is useful.
If a web site has a lot of related pages that share graphic images, this Java and JavaScript feature can significantly speed up your access to the pages. The reason is that the common images are downloaded while you read the main page, which should have relatively few graphics. The network load is the same (or possibly higher), but the images are downloaded during otherwise idle time, so from the user's viewpoint it seems faster.
How this can be abused.
You probably didn't notice, but there were actually three images loaded by the previous page. The third isn't shown here. Can you find it? (Hint: It is in your browser's cache.) Think about this a bit.
What a site can do to you.
While this feature was intended to speed up web accesses for sets of related pages, it can also be used to embarrass people by loading things into their browser's cache. For example, suppose a coworker gets angry with you and decides to cause you some trouble. They can copy this demo code to a page of their own, replace the hidden image's URL with a pointer to a pornographic web site, and invite you to look at their page. You won't see anything suspicious, but the porn site's page is now in your browser's cache. If anyone is monitoring your Web usage, they will see that you just accessed a pornographic site. If someone examines your browser's cache, they will find a pornographic image there. In some companies, this can get you fired.
How can you protect yourself from this sort of misuse of preloading? There is only one way: Turn off Java, Javascript, ActiveX and any other sort of remote programming or scripting that your browser has. They all let remote sites do this sort of preloading. If you do this, preloading will no longer work, and web sites that use it will not download as fast. The pages will look the same on your screen, unless they require scripts to work, but you won't get the hidden image. Only images that are actually used will be downloaded.
As more and more companies install software that monitors their employees' Web usage, and more Web-site developers learn the tricks of the trade, this sort of thing will be come much more common. When used to speed up Web access, it is useful. But it is a real source of potentially embarrassing files on your disk. Your only defense is to disable anything that allows a remote site to run code on your machine.

Languages like Java, Javascript and ActiveX allow a web site to send code to your browser that is run automatically. Allowing strangers to run code on your machine is never a good idea. If you value the contents of your disk, or are worried about embarrassing files appearing there without your knowledge, you should make sure that all such programming tools are disabled.