Posted Jun 26, 2008 15:36 UTC (Thu) by johnkarp (subscriber, #39285)
Parent article: Leaking browser history
Couldn't you add a data tainting mechanism to JS/DOM, such that the client
side can use the history, but nothing derived from it can be sent to a
server?
Posted Jun 26, 2008 20:12 UTC (Thu) by mrshiny (subscriber, #4266)
The problem is that you can deduce the status of visited links indirectly without accessing
the link in the DOM. This is because a link which contains text is rendered in a way that
takes up space on the page. If a visited link changes the size of its container you'd be able
to deduce that a link was visited by examining the container. You'd need to taint the entire
DOM at that point.
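An added illustration, not part of either comment above: a toy layout model (no real browser API) showing why a taint placed only on the link node does not stop the container's width from carrying the visited bit, while propagating taint through layout blocks it. The classes, the `CHAR_WIDTH` stylesheet values and the `sendToServer` boundary are all assumptions made up for this sketch.

```javascript
// Toy model (constructed): a value plus a flag saying it was derived from history.
class Tainted {
  constructor(value, tainted) { this.value = value; this.tainted = tainted; }
}

// Hypothetical stylesheet: visited links render in a wider font.
const CHAR_WIDTH = { unvisited: 7, visited: 9 };

class Link {
  constructor(text, visited) { this.text = text; this.visited = visited; }
  // Width depends on visited state, so it is tainted at the source.
  width() {
    const kind = this.visited ? 'visited' : 'unvisited';
    return new Tainted(this.text.length * CHAR_WIDTH[kind], true);
  }
}

class Box {
  constructor(children, padding = 0) { this.children = children; this.padding = padding; }
  // Shrink-to-fit container: width is the widest child plus padding.
  // propagate=false models tainting only the link node itself.
  width(propagate) {
    let max = 0, tainted = false;
    for (const c of this.children) {
      const w = c.width(propagate);
      max = Math.max(max, w.value);
      tainted = tainted || w.tainted;
    }
    return new Tainted(max + 2 * this.padding, propagate && tainted);
  }
}

// The network boundary: refuse anything marked as history-derived.
function sendToServer(v) {
  if (v.tainted) throw new Error('blocked: derived from history');
  return v.value;
}

// Does the value that reaches the server differ with visited state?
function leaks(propagate) {
  const out = [false, true].map((visited) => {
    const page = new Box([new Box([new Link('example', visited)], 4)]);
    try { return sendToServer(page.width(propagate)); } catch (e) { return 'blocked'; }
  });
  return out[0] !== out[1];
}
```

With `propagate` off, the outer box reports a different width for the visited and unvisited cases and both pass the boundary; with it on, every ancestor of the link becomes tainted, which is the "entire DOM" cost the reply describes.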