Not logged in
Log in now
Create an account
Subscribe to LWN
Pencil, Pencil, and Pencil
Dividing the Linux desktop
LWN.net Weekly Edition for June 13, 2013
A report from pgCon 2013
Little things that matter in language design
Couldn't you add a data tainting mechanism to JS/DOM, such that the client
side can use the history, but nothing derived from it can be sent to a
Leaking browser history
Posted Jun 26, 2008 20:12 UTC (Thu) by mrshiny (subscriber, #4266)
The problem is that you can deduce the status of visited links indirectly without accessing
the link in the dom. This is because a link which contains text is rendered in a way that
takes up space on the page. If a visited link changes the size of its container you'd be able
to deduce that a link was visited by examining the container. You'd need to taint the entire
dom at that point.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds