Bug 196970

Summary: Browser history can be sniffed via CSS Tricks(without Javascript)
Product: [Applications] konqueror Reporter: Arne Babenhauserheide <arne_bab>
Component: generalAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: adawit, aros
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed In:

Description Arne Babenhauserheide 2009-06-18 08:35:41 UTC 
Version:           4.2.4 (KDE 4.2.4) (using 4.2.4 (KDE 4.2.4), Gentoo)
Compiler:          x86_64-pc-linux-gnu-gcc
OS:                Linux (x86_64) release 2.6.29-hh2

This is not just a Konqueror bug, but a general weakness in the CSS specification: Setting a background image for "visited" links allows sniffing the browser-history using only CSS. 

If you want to test it yourself, please have a look at "the sites you visit": 

-> http://www.making-the-web.com/misc/sites-you-visit/nojs/

A strange result is, though, that the site lists very many sites I don't remember visiting, so Konqueror might be immune - a solution I can think of is to always load the resources for all states of links at once (normal, visited, hover, ...). 

Best wishes, 
Arne
Comment 1 Dario Andres 2009-08-18 19:46:04 UTC 
*** Bug 199106 has been marked as a duplicate of this bug. ***
Comment 2 Dawit Alemayehu 2011-12-21 06:59:10 UTC 
The provided link no longer works, but the test cases from the firefox bugzilla report from comment #1 show that the issue cannot be reproduced with either one of the browser engines in KDE 4.7.4 or higher.