W3C home > Mailing lists > Public > www-style@w3.org > April 2002

Re: CSS visited pages disclosure

From: Jimmy Cerra <jimbofc@yahoo.com>
Date: Mon, 15 Apr 2002 22:20:26 -0400 (EDT)
Message-ID: <000001c1e4ed$431fe3b0$0100a8c0@locutus>
To: <www-style@w3.org>
Maybe one solution is to:

1) Specify that the value for the url() property must be a URL and not a
URI if served over the internet.
2) Specify that, if the URL above uses either of the http, ftp, or other
internet URL scheme deemed vulnerable, that the query portion must be
ignored.

Comments?  Flames?  Fan-mail? :)

---
Jimmy Cerra

P.S. Sorry, if this has already been corrected and I don't yet know
about it.
Received on Tuesday, 16 April 2002 04:47:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 April 2009 13:54:14 GMT