On 06/12/2015 01:01 PM, Gordon Messmer wrote:
On 06/13/2015 11:11 AM, jd1008 wrote:
All your browsing history, all cookies ...etc are open books as far as many javascripts are concerned.
Javascript can use CSS attributes to see if you've visited a specific URL, which is unfortunate, but that's a long way from saying that your history is an open book. Javascript cannot directly access your history. A script cannot enumerate all of the sites you've visited, it can only test specific, complete URLs.
As far as cookies go, you're even further from the truth. A script can only access cookies whose domain matches the origin of the script.
Why do you make such statements without knowing the intrinsics??? How in tarnation do you explain this: http://www.google.com/safebrowsing/diagnostic?site=googleusercontent.com
Malware is installed where it can be executed. Since that is the case, what makes you think JS cannot access your browsing history??