> I am under the strong impression that implementation of this proposal > could generate a major security flaw. > > With selection based on browsing contexts, I could give a style (color > for instance) to an element in a web document based on the user's > browsing history, retrieve the computed value of the color for that > element, deduce that this web page has been previously visited and send > the data back to a server on the web. I could also send back to a server > any information about the browsing device and all the data contained in > the browsing context. We thought about our proposal to cope better with security concerns as other approaches. Our approach is completely client-based, so no information has to be sent to the server, as compared to cookies or even CC/PP, for example. I don't understand well if it is possible with CSS what you describe above, namely to send information about computed values to the server. MichaelReceived on Wednesday, 30 January 2002 10:33:01 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 April 2009 13:54:12 GMT