Bug 276747

Summary: rekonq is still vulnerable to CSS history fishing.
Product: [Applications] rekonq
Reporter: Florian Mäder <florian.maeder>
Component: general
Assignee: Andrea Diamantini <adjam7>
Status: RESOLVED UPSTREAM    
Severity: normal    
Priority: NOR    
Version: 0.7.0   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit:
Version Fixed In:

Description Florian Mäder 2011-06-29 13:08:52 UTC
Version:           0.7.0 (using KDE 4.6.2) 
OS:                Linux

There's a way to use CSS to fish for visited websites.

You can find a detailed introduction here:
http://infinity-infinity.com/2009/06/sniffing-browser-history-with-css/

The above article's example is offline but you'll find a working example here:
http://didyouwatchporn.com/

Reproducible: Always

Steps to Reproduce:
http://didyouwatchporn.com/

Actual Results:  
Depends ;-)

Expected Results:  
Block the queries.

Comment 1 Andrea Diamantini 2012-04-13 15:34:22 UTC
Although this is a qtwebkit problem, it seems fixed in qtwebkit 2.2.x.