LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Leaking browser history

Leaking browser history

Posted Jun 26, 2008 8:52 UTC (Thu) by jamesh (guest, #1159)
In reply to: Leaking browser history by jhs
Parent article: Leaking browser history 

It depends on what the you consider to be privacy-leaking functions.

If the CSS visited handling remains intact, getComputedStyle() is not the only way to get at
the information.  If you specify a different font size for visited links, then the dimensions
of any parent element will leak the information.

Displaying all links as non-visited is pretty much the only way of fixing the bug.  Applying
the browser's visited link colour when rendering while leaving the DOM as is might be an
option, but that leads to accessibility problems for sites that change font/background colours
(i.e. almost every site).

(Log in to post comments)

Leaking browser history

Posted Jun 27, 2008 0:34 UTC (Fri) by wahern (subscriber, #37304) [Link] 

Not all links. Just links outside the domain.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds