W3C home > Mailing lists > Public > www-style@w3.org > December 2009

Re: [cssom] unrecognized rules and properties

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 17 Dec 2009 10:40:13 -0800
Message-ID: <4B2A7B0D.9020902@mit.edu>
To: timeless@gmail.com
CC: Mike Wilson <mikewse@hotmail.com>, Anne van Kesteren <annevk@opera.com>, www-style@w3.org
On 12/17/09 5:19 AM, timeless wrote:
> from memory the other concern people had was the ability for a site to do:
> @import url(https://bank.com/balance.cgi);
> and then interrogate the unknown rules to recover the web page.
> I take it that people have solved this problem and are no longer worried?

Gecko throws a security exception on attempts to get the rule list of a 
stylesheet that's not same-origin with the calling script, to prevent 
interrogation of things that even happen to look like known rules. 
Can't speak to what other browsers do.

Received on Thursday, 17 December 2009 18:41:11 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 February 2015 12:34:31 UTC