W3C home > Mailing lists > Public > www-style@w3.org > December 2009

Re: [cssom] unrecognized rules and properties

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 17 Dec 2009 10:40:13 -0800
Message-ID: <4B2A7B0D.9020902@mit.edu>
To: timeless@gmail.com
CC: Mike Wilson <mikewse@hotmail.com>, Anne van Kesteren <annevk@opera.com>, www-style@w3.org
On 12/17/09 5:19 AM, timeless wrote:
> from memory the other concern people had was the ability for a site to do:
>
> @import url(https://bank.com/balance.cgi);
>
> and then interrogate the unknown rules to recover the web page.
>
> I take it that people have solved this problem and are no longer worried?

Gecko throws a security exception on attempts to get the rule list of a 
stylesheet that's not same-origin with the calling script, to prevent 
interrogation of things that even happen to look like known rules. 
Can't speak to what other browsers do.

-Boris
Received on Thursday, 17 December 2009 18:41:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 22 May 2012 03:47:12 GMT