On 06/12/2015 01:01 PM, Gordon Messmer wrote: > On 06/13/2015 11:11 AM, jd1008 wrote: >> All your browsing history, all cookies ...etc are open books >> as far as many javascripts are concerned. > > Javascript can use CSS attributes to see if you've visited a specific > URL, which is unfortunate, but that's a long way from saying that your > history is an open book. Javascript cannot directly access your > history. A script cannot enumerate all of the sites you've visited, > it can only test specific, complete URLs. > > As far as cookies go, you're even further from the truth. A script > can only access cookies whose domain matches the origin of the script. > Why do you make such statements without knowing the intrinsics??? How in tarnation do you explain this: http://www.google.com/safebrowsing/diagnostic?site=googleusercontent.com Malware is installed where it can be executed. Since that is the case, what makes you think JS cannot access your browsing history??