- From: Daniel Glazman <glazman@netscape.com>
- Date: Wed, 16 Jan 2002 10:40:25 +0100
- To: Bert Bos <bert@w3.org>
- CC: www-style@w3.org, michael.kraus@informatik.uni-muenchen.de
Bert Bos wrote:

>A PhD student, Michael Kraus
><michael.kraus@informatik.uni-muenchen.de>, has written a paper on an
>alternative (or: extended) use of CSS and XPath selectors, to allow a
>page to be adapted based on the user's profile.
>

I have carefully read the document and have an important comment to make; I am cc:ing Michael Kraus.

I am under the strong impression that implementation of this proposal could generate a major security flaw. With selection based on browsing contexts, I could give a style (color for instance) to an element in a web document based on the user's browsing history, retrieve the computed value of the color for that element, deduce that this web page has been previously visited and send the data back to a server on the web.

I could also send back to a server any information about the browsing device and all the data contained in the browsing context.

Minor comment in comparison with this one: the enriched document example at the end of section 2 does not allow selectors like the 2nd example of section 3 to work. HTML markup is not contained in the browsingcontext element...

</Daniel>
Received on Wednesday, 16 January 2002 04:42:06 UTC