Sorry -
Mostly non-password encoded forms that don't refresh when you hit
submit. After Submitting 3 or 4 times they seem to work. Like most
ISP's, we take calls when somebody's web site doesn't work, even if we
don't even host it.
I rather treat this patch as a _bug_. user:password@host format is used (I
have 3 or 4 instances in monitoring system, to allow automatic proxy
onto the system with 'guest' user name, for example). To block scam, it was
sufficient to restrict username length, or to set up a checkbox in explorer
setting.
The whole idea is wrong - instead of fixing IE (just show REAL host name,
for example), MS decided to drop functionality. We (in our company) adviced
people _against_ this patch. It broke legitimate addresses, and fix a very
rare and exotic problem... which can be fixed by many other ways.