Leaking browser history
Leaking browser history
Posted Jun 26, 2008 5:42 UTC (Thu) by jhs (guest, #12429)In reply to: Leaking browser history by jwb
Parent article: Leaking browser history
Perhaps NoScript or another extension could have a new option along the lines of "Allow Javascript, but disable/override privacy-leaking functions in a non-standard way"? The wording is awkward but it might be a reasonable compromise for some situations.
Posted Jun 26, 2008 5:48 UTC (Thu)
by cventers (guest, #31465)
[Link]
Posted Jun 26, 2008 8:52 UTC (Thu)
by jamesh (guest, #1159)
[Link] (1 responses)
Posted Jun 27, 2008 0:34 UTC (Fri)
by wahern (subscriber, #37304)
[Link]
Leaking browser history
Konqueror does something lik this intelligently already. For "Open new
windows", you can choose "Allow", "Ask", "Deny" and "Smart". They also
have an "Allow" and "Ignore" for:
1. Resize window
2. Move window
3. Focus window
4. Modify status bar text
Presumably, they could add a 5:
5. Examine URL history
Leaking browser history
It depends on what the you consider to be privacy-leaking functions.
If the CSS visited handling remains intact, getComputedStyle() is not the only way to get at
the information. If you specify a different font size for visited links, then the dimensions
of any parent element will leak the information.
Displaying all links as non-visited is pretty much the only way of fixing the bug. Applying
the browser's visited link colour when rendering while leaving the DOM as is might be an
option, but that leads to accessibility problems for sites that change font/background colours
(i.e. almost every site).
Leaking browser history
Not all links. Just links outside the domain.