> Apply all :link rules and, for allowed properties, also apply all :visited rules (at the same time). As I understand it, assuming you only apply `:visited` rules to actually visited links (which per your description looks like it), your behavior can be prone to timing attacks. At least Gecko cascades and selector-matches both visited and unvisited rules _regardless_ of whether the link was actually visited in the first place, to prevent this kind of issues. If I'm not wrong, I should be able to query history in edge adding very expensive selectors to the `:visited` rules, and observing the time difference it takes to style a link vs another. -- GitHub Notification of comment by emilio Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/2037#issuecomment-349492242 using your GitHub accountReceived on Wednesday, 6 December 2017 00:50:12 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 2 July 2022 03:21:02 UTC