Security/CSP/HistoryModule: Difference between revisions

The safe-history directive is designed to prevent leakage of history information via the :visited CSS pseudoclass.  If the csp-policy contains at least one safe-history directive, the browser MUST NOT attach the :visited CSS pseudoclass to hyperlinks to the current web page unless the hyperlink is contained in a web page from the same origin as the current web page.
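The rule above written as a decision function. This is an added illustration, not part of the specification text. `hasSafeHistory`, `mayMatchVisited`, the `visitedPages` store and the `*.example` URLs are hypothetical, and the semicolon-separated policy syntax is an assumption taken from the usual CSP serialization.

```javascript
// Added illustration of the safe-history rule; all names are hypothetical.

// True if the policy string contains at least one safe-history directive.
// Assumption: directives are separated by ";", the directive name comes
// first, and names are compared case-insensitively.
function hasSafeHistory(cspPolicy) {
  return cspPolicy
    .split(";")
    .map((directive) => directive.trim().split(/\s+/)[0].toLowerCase())
    .includes("safe-history");
}

// Hypothetical history store: visited URL -> policy the page was served with.
// Constructed sample data.
const visitedPages = new Map([
  ["https://bank.example/account", "default-src 'self'; safe-history"],
  ["https://news.example/story", "default-src 'self'"],
]);

// Decide whether a hyperlink to linkHref, contained in the document at
// containingDocUrl, may have the :visited pseudoclass attached.
function mayMatchVisited(containingDocUrl, linkHref, history = visitedPages) {
  const target = new URL(linkHref, containingDocUrl); // resolves relative links
  target.hash = "";                                   // fragment is not part of the page
  const policy = history.get(target.href);
  if (policy === undefined) return false;     // target was never visited
  if (!hasSafeHistory(policy)) return true;   // no directive: ordinary :visited
  // safe-history: only a containing page from the target's own origin
  // (scheme, host and port all equal) may observe the visited state.
  return new URL(containingDocUrl).origin === target.origin;
}
```

A target that sent no safe-history directive keeps ordinary :visited behaviour, so the protection applies only to pages that opt in.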
= Open Issues =
* What about cache timing?  Maybe we should add a directive for isolating the cache per origin, or maybe we should fold the behavior into the same directive as visited links...