javascript can poll history through visited/not-visited status

VERIFIED DUPLICATE of bug 147777

Status


Core
General
9 years ago
9 years ago

People

(Reporter: scientus, Unassigned)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009032712 Firefox/3.0.8
Build Identifier: 

If sites have been visited they have a different style and different style appearance. Javascript can systematically create links and check their state. With the great increases in javascript speed this is more and more of a problem. The clear fix is to always show links to javascript as not visited. Styles for visited pages will still be fully capable, but allowing access to the toggle state through javascript is a privacy and security hole.

Reproducible: Always

Steps to Reproduce:
Go here: http://web2.0collage.com/

js used: http://web2.0collage.com/hist.js
Actual Results:  
Tells you what sites you go to

Expected Results:  
Can't figure out what sites you go to, except for referrer and what you tell it.
(Reporter)

Comment 1

9 years ago
Build identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1pre) Gecko/20090629 Shiretoko/3.5pre
Summary: Build identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1pre) Gecko/20090629 Shiretoko/3.5pre → javascript can poll history through visited/not-visited status

Comment 2

9 years ago
This is a known issue.  See Bug 147777.  Read Bug 147777 Comment 130 before trying to add a comment to Bug 147777; it is sad to see that different people are repeating the same discussion many times without reading comments by others.

> The clear fix is to always show links to javascript as not visited.
                                        ~~~~~~~~~~~~~
It is not at all clear how to respond with a fake style when scripts query the style of elements.  It is possible to do the same test even without scripts (less efficient, though).  I think that all of this is discussed in the first 50 comments of Bug 147777.

What can be done is to treat all the links as not visited (not only for scripts), and it *is* implemented in Firefox 3.5 and later; see Bug 147777 Comment 98.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 147777
Status: RESOLVED → VERIFIED
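
An added example, not part of the bug report and not Gecko code: a toy style engine in JavaScript that contrasts the behaviour described in the report with the reporter's proposed fix and with the approach named in Comment 2, and audits what a script-side style query can learn under each. The policy names, URLs and colour values are constructed for illustration.

```javascript
// Toy model (constructed): a link-style engine with a browsing history and
// three hypothetical policies for answering style questions about links.
const UNVISITED = "rgb(0, 0, 238)";   // constructed sample colours
const VISITED = "rgb(85, 26, 139)";

function makeEngine(history, policy) {
  const visited = new Set(history);
  return {
    // What is painted on screen for the user.
    paintedColor(href) {
      if (policy === "treat-all-unvisited") return UNVISITED;
      return visited.has(href) ? VISITED : UNVISITED;
    },
    // What a script is told when it queries the link's style.
    computedColor(href) {
      if (policy === "legacy") return visited.has(href) ? VISITED : UNVISITED;
      return UNVISITED; // both mitigations always answer "not visited"
    },
  };
}

// Defender's check: which candidate URLs does the script-visible answer
// reveal as visited?
function leakedUrls(engine, candidates) {
  return candidates.filter((href) => engine.computedColor(href) !== UNVISITED);
}

function audit(policy) {
  const history = ["https://visited.example/"];            // constructed
  const candidates = [...history, "https://never-seen.example/"];
  const engine = makeEngine(history, policy);
  return {
    policy,
    leaked: leakedUrls(engine, candidates),
    userStillSeesVisited: engine.paintedColor(history[0]) === VISITED,
  };
}

for (const p of ["legacy", "hide-from-script", "treat-all-unvisited"]) {
  console.log(JSON.stringify(audit(p)));
}
```

The model covers only the script-query channel. Comment 2's remark that the same test is possible without scripts is the reason "hide-from-script" on its own does not close the issue, while "treat-all-unvisited" closes it at the cost of the visited-link styling.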