[_] Direct scripting with CSS alone
Rick Hurst
rick.hurst at gmail.com
Wed Sep 5 13:03:41 BST 2007
On 9/5/07, Richard Davey <rich at corephp.co.uk> wrote: > Hi _, > > One of my favourite security bloggers posted this little demo up. > > It demonstrates how advanced CSS is getting, including full send and > retrieval of data (with *NO* JavaScript at all), Browser History > recognition and link tracking. > > http://www.businessinfo.co.uk/labs/css_scripting_kit/css_scripting_kit.php > > This is for FF only at the moment. > > It doesn't look like much on the surface, but View Source and check > out the Style block. This is just the tip of the iceberg. > gulp - combined with javascript there is some serious snooping potential there surely?:- --------------8<------------- .ifYahoo a[href="http://www.yahoo.com"]:visited + div { display:block; } .ifYahoo a[href="http://www.yahoo.com"]:visited + div + span { display:none; } --------------8<------------- -- Rick Hurst, Web developer, Bristol, England http://www.rickhurst.co.uk