196970 – Browser history can be sniffed via CSS Tricks(without Javascript)

Bug 196970 - Browser history can be sniffed via CSS Tricks(without Javascript)

Summary: Browser history can be sniffed via CSS Tricks(without Javascript)

Status:	RESOLVED FIXED

Alias:	None

Product:	konqueror
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	unspecified Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Konqueror Developers

URL:
Keywords:

Duplicates (1):	199106 (view as bug list)
Depends on:
Blocks:

Reported:	2009-06-18 08:35 UTC by Arne Babenhauserheide
Modified:	2011-12-21 06:59 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Arne Babenhauserheide 2009-06-18 08:35:41 UTC

Version:           4.2.4 (KDE 4.2.4) (using 4.2.4 (KDE 4.2.4), Gentoo)
Compiler:          x86_64-pc-linux-gnu-gcc
OS:                Linux (x86_64) release 2.6.29-hh2

This is not just a Konqueror bug, but a general weakness in the CSS specification: Setting a background image for "visited" links allows sniffing the browser-history using only CSS. 

If you want to test it yourself, please have a look at "the sites you visit": 

-> http://www.making-the-web.com/misc/sites-you-visit/nojs/

A strange result is, though, that the site lists very many sites I don't remember visiting, so Konqueror might be immune - a solution I can think of is to always load the resources for all states of links at once (normal, visited, hover, ...). 

Best wishes, 
Arne

Comment 1 Dario Andres 2009-08-18 19:46:04 UTC

*** Bug 199106 has been marked as a duplicate of this bug. ***

Comment 2 Dawit Alemayehu 2011-12-21 06:59:10 UTC

The provided link no longer works, but the test cases from the firefox bugzilla report from comment #1 show that the issue cannot be reproduced with either one of the browser engines in KDE 4.7.4 or higher.