Travis Leithead wrote:
I'm considering adjusting the spec to allow just two options, and
making IE8's behaviour non-conforming.

That sounds like you're trying to play hardball. :)

My main concern is that interoperability is not sacrificed in the name of a security measure that's not entirely effective anyway. I believe there are alternative approaches that would achieve the same level of security without sacrificing too much interoperability.

Although, ideally, both :link and :visited used in these APIs would match the same elements as they do when used in CSS. However, failing that, what is wrong with treating all links as unvisited as far as these APIs are concerned?

Consider this:

<p><a href="visited-link">foo</a> <a href="unvisited-link">bar</a>

<script>
var list1 = document.querySelectorAll(":link"); // Returns both links
var list2 = document.querySelectorAll(":visited"); // Returns empty list
</script>

That retains sufficient functionality to make at least :link useful, without revealing which links have or have not been visited. This doesn't really affect interoperability too much, since the result is effectively the same as if the user just cleared their history.

Alternatively, implementing a variation of that solution such as that described by Bjoern [1] would, perhaps, be even better.

[1] http://lists.w3.org/Archives/Public/public-webapi/2008Apr/0137.html

--
Lachlan Hunt - Opera Software
http://lachy.id.au/
http://www.opera.com/
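
The "treat all links as unvisited" behaviour proposed in the message above, as an added example that is not part of the original message and not browser code. It models links as plain objects and history as a Set of URLs (both constructed here, with hypothetical function names), and checks that the script-facing result is the same for every possible history while a history-aware matcher is not.

```javascript
// Constructed model: two links as in the message's markup.
const links = [
  { id: "foo", href: "visited-link" },
  { id: "bar", href: "unvisited-link" },
];

// History-aware matching, as CSS styling would do it (hypothetical helper).
function matchForStyle(selector, links, history) {
  return links.filter(l =>
    selector === ":visited" ? history.has(l.href) : !history.has(l.href));
}

// Script-facing API under the proposal: every link is reported as unvisited.
// The history argument is accepted but deliberately never read.
function querySelectorAllModel(selector, links, history) {
  if (selector === ":link") return links.slice();
  if (selector === ":visited") return [];
  throw new Error("unsupported selector in this model: " + selector);
}

// Enumerate every possible browsing history over the document's hrefs.
function allHistories(links) {
  const hrefs = links.map(l => l.href);
  const out = [];
  for (let mask = 0; mask < (1 << hrefs.length); mask++) {
    out.push(new Set(hrefs.filter((_, i) => mask & (1 << i))));
  }
  return out;
}

// Count the distinct results a matcher yields across all histories.
// A count of 1 means the result carries no information about the history.
function distinctOutputs(matcher, selector, links) {
  const seen = new Set();
  for (const h of allHistories(links)) {
    seen.add(matcher(selector, links, h).map(l => l.id).join(","));
  }
  return seen.size;
}

console.log("API :link     ->", distinctOutputs(querySelectorAllModel, ":link", links));
console.log("API :visited  ->", distinctOutputs(querySelectorAllModel, ":visited", links));
console.log("style :visited ->", distinctOutputs(matchForStyle, ":visited", links));
```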
