- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Fri, 21 Oct 2011 02:06:57 +0200
- To: "Gregg Tavares (wrk)" <gman@google.com>
- Cc: www-style list <www-style@w3.org>
* Gregg Tavares (wrk) wrote: >On Thu, Oct 20, 2011 at 4:06 PM, Dean Jackson <dino@apple.com> wrote: >> I think that's the key here. A CSS shader (or even any CSS filter really) >> should not get any cross-domain iframe content as input. > >Even without that you can spy on a user's link history by checking his >"visited" colors using this method. This would seem to be defeated by considering links unvisited for the purposes of shader input, like they are considered unvisited for many other purposes in browsers that try to protect against history leaks, even if that doesn't seem terribly convenient to implement. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Friday, 21 October 2011 00:07:25 UTC