[whatwg] "complete" DOM attribute (image elements)

On Mon, Aug 31, 2009 at 12:05 AM, Boris Zbarsky<bzbarsky at mit.edu> wrote:
>> https://people.mozilla.com/~gavin/detect-image.html
>
> A site that cared about that could send image types for its image 404s, no?
> ?Or does the spec require those to not be shown?

I don't know what the spec requires, but if the site did that, it
would mitigate the <img>.complete "attack" just as effectively as the
observe-layout attack, so I fail to see why changing Gecko's behavior
would introduce a privacy leak.

Gavin

Received on Sunday, 30 August 2009 21:20:19 UTC