Bug 196970 - Browser history can be sniffed via CSS Tricks(without Javascript)
Summary: Browser history can be sniffed via CSS Tricks(without Javascript)
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: unspecified Linux
: NOR normal
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
: 199106 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-06-18 08:35 UTC by Arne Babenhauserheide
Modified: 2011-12-21 06:59 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Arne Babenhauserheide 2009-06-18 08:35:41 UTC 
Version:           4.2.4 (KDE 4.2.4) (using 4.2.4 (KDE 4.2.4), Gentoo)
Compiler:          x86_64-pc-linux-gnu-gcc
OS:                Linux (x86_64) release 2.6.29-hh2

This is not just a Konqueror bug, but a general weakness in the CSS specification: Setting a background image for "visited" links allows sniffing the browser-history using only CSS. 

If you want to test it yourself, please have a look at "the sites you visit": 

-> http://www.making-the-web.com/misc/sites-you-visit/nojs/

A strange result is, though, that the site lists very many sites I don't remember visiting, so Konqueror might be immune - a solution I can think of is to always load the resources for all states of links at once (normal, visited, hover, ...). 

Best wishes, 
Arne
Comment 1 Dario Andres 2009-08-18 19:46:04 UTC 
*** Bug 199106 has been marked as a duplicate of this bug. ***
Comment 2 Dawit Alemayehu 2011-12-21 06:59:10 UTC 
The provided link no longer works, but the test cases from the firefox bugzilla report from comment #1 show that the issue cannot be reproduced with either one of the browser engines in KDE 4.7.4 or higher.