- From: Michael Kraus <michael.kraus@informatik.uni-muenchen.de>
- Date: Wed, 30 Jan 2002 16:32:59 +0100
- To: www-style@w3.org
> I am under the strong impression that implementation of this proposal > could generate a major security flaw. > > With selection based on browsing contexts, I could give a style (color > for instance) to an element in a web document based on the user's > browsing history, retrieve the computed value of the color for that > element, deduce that this web page has been previously visited and send > the data back to a server on the web. I could also send back to a server > any information about the browsing device and all the data contained in > the browsing context. We thought about our proposal to cope better with security concerns as other approaches. Our approach is completely client-based, so no information has to be sent to the server, as compared to cookies or even CC/PP, for example. I don't understand well if it is possible with CSS what you describe above, namely to send information about computed values to the server. Michael
Received on Wednesday, 30 January 2002 10:33:01 UTC