It's not as simple as that.
It's not as simple as that.
Posted Jun 26, 2008 9:33 UTC (Thu) by ekj (guest, #1524)In reply to: It's not as simple as that. by nix
Parent article: Leaking browser history
You misunderstand. It's not what the -user- has changed. It's what the -site- has changed. If I design a malicious site with the goal of spying out which pages you have visited, there's nothing stopping ME from specifying that visited-links should be in 20pt and nonvisited in 10pt, and then use javascript to figure out which ones fall in which category. (the links can be invisible to you, say by having the background-color or being in a div that has display:none. I'm with the other reply: Render -ALL- links as if they're nonvisited, then apply some local (not influenced by site-CSS) decoration-change that is invisible in the DOM. Yes, this means site lose the possibility of specifying how visited links should look. An advantage anyway since most use that only to set them equal to nonvisited in the first place, because it offends "designers" to have lists of links that have two different looks.
Posted Jun 26, 2008 12:23 UTC (Thu)
by NAR (subscriber, #1313)
[Link]
Posted Jun 27, 2008 9:33 UTC (Fri)
by nix (subscriber, #2304)
[Link]
It's not as simple as that.
I might be missing something, but e.g. Opera has a feature to disable the site CSS and use a
"user CSS" and this would eliminate this bug. Of course, in this case the web starts to look
quite differently than it used to do :-)
It's not as simple as that.
Ah, yes. I must agree with that. I actually use a per-user stylesheet to
force visited links to be rendered as I like, dammit, specifically because
of annoying sites like you describe.