Re: CSS visited pages disclosure

Maybe one solution is to:

1) Specify that the value for the url() property must be a URL and not a
URI if served over the internet.
2) Specify that, if the URL above uses either of the http, ftp, or other
internet URL scheme deemed vulnerable, that the query portion must be

Comments?  Flames?  Fan-mail? :)

Jimmy Cerra

P.S. Sorry, if this has already been corrected and I don't yet know
about it.

Received on Tuesday, 16 April 2002 04:47:23 UTC