W3C home > Mailing lists > Public > public-webapi@w3.org > April 2008

Re: [selectors-api] Handling :link and :visited Pseudo Classes

From: L. David Baron <dbaron@dbaron.org>
Date: Wed, 16 Apr 2008 15:28:36 -0700
To: Arve Bersvendsen <arveb@opera.com>, Maciej Stachowiak <mjs@apple.com>
Cc: Travis Leithead <travil@windows.microsoft.com>, Lachlan Hunt <lachlan.hunt@lachy.id.au>, public-webapi <public-webapi@w3.org>
Message-ID: <20080416222836.GA6171@ridley.dbaron.org>

On Wednesday 2008-04-16 23:26 +0200, Arve Bersvendsen wrote:
> Also note that it is impossible to protect against Anne's suggested exploit 
> where you load a randomized and unique tracker image as background or 
> content for visited links, and do the data collection serverside instead.

It's not impossible; it just requires deviations from current
standards and probably a lot of work.

On Wednesday 2008-04-16 14:39 -0700, Maciej Stachowiak wrote:
> I'd like us to understand how it is feasible to every fully solve this 
> problem before catering to partial solutions in the Selectors API spec.

My current thinking (from
https://bugzilla.mozilla.org/show_bug.cgi?id=147777#c65 ) is that
what we'd need to do to fix this is:

 1. change CSS selector matching so that :visited rules are used
    *only* for the non-alpha components of the 'color' and
    'background-color' properties (and everything else is computed
    based on the :link rules)

 2. make getComputedStyle and any other APIs lie about those two
    properties

I think anything short of (1), with perhaps a few additional allowed
properties, is subject to timing exploits (which are sometimes
inherently engine-dependent), such as the example in
https://bugzilla.mozilla.org/show_bug.cgi?id=147777#attach_135350
which works at least in some older versions of Mozilla and Opera.

I'm not sure whether this is something we actually *want* to do.

-David

-- 
L. David Baron                                 http://dbaron.org/
Mozilla Corporation                       http://www.mozilla.com/
Received on Wednesday, 16 April 2008 22:30:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 16 April 2008 22:30:21 GMT