On Saturday 2010-04-10 07:19 +0100, Philip TAYLOR wrote:
> May I express a personal wish that this behaviour be under
> user control ?  Whilst I fully understand David Baron's
> rationale for the change, I do not believe that it is the
> responsibility of browsers to work around security deficiencies
> that arise from the correct implementation of W3C standards.
> If the CSS, (X)HTML, and/or related (e.g., HTTP) specifications,
> either individually or when taken together, lead to a security
> deficiency, then this should be addressed at the specification
> level and not by mandatory changes to a browser which would
> cause the latter to deviate from the specification(s).

It doesn't deviate from the specification; see
http://www.w3.org/TR/CSS21/selector.html#link-pseudo-classes , which
says:
  #   Note. It is possible for style sheet authors to abuse the
  #   :link and :visited pseudo-classes to determine which sites a
  #   user has visited without the user's consent.
  # 
  # UAs may therefore treat all links as unvisited links, or
  # implement other measures to preserve the user's privacy while
  # rendering visited and unvisited links differently. 

This falls under "other measures".

I'd also note that if implementation consensus develops around this
solution or something similar, it would likely be worth
standardizing it.

-David

-- 
L. David Baron                                 http://dbaron.org/
Mozilla Corporation                       http://www.mozilla.com/
______________________________________________________________________
css-discuss [cs...@lists.css-discuss.org]
http://www.css-discuss.org/mailman/listinfo/css-d
List wiki/FAQ -- http://css-discuss.incutio.com/
List policies -- http://css-discuss.org/policies.html
Supported by evolt.org -- http://www.evolt.org/help_support_evolt/
