From e7b4b73969b02708142321001c1979f0c398ef8e Mon Sep 17 00:00:00 2001
From: Johannes Hofmann
Date: Sat, 21 Jan 2012 22:34:33 +0100
Subject: ignore remote CSS rules that could reveal browser history
For a discussion of the problem see: http://dbaron.org/mozilla/visited-privacy
---
 src/css.cc | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
(limited to 'src/css.cc')
diff --git a/src/css.cc b/src/css.cc
index c6c74f60..8cf1c8eb 100644
--- a/src/css.cc
+++ b/src/css.cc
@@ -27,6 +27,7 @@ CssPropertyList::CssPropertyList (const CssPropertyList &p, bool deep) :
 lout::misc::SimpleVector (p)
 {
 refCount = 0;
+ safe = p.safe;
 if (deep) {
 for (int i = 0; i < size (); i++) {
 CssProperty *p = getRef(i);
@@ -58,6 +59,9 @@ void CssPropertyList::set (CssPropertyName name, CssValueType type,
 CssPropertyValue value) {
 CssProperty *prop;
+ if (name == CSS_PROPERTY_DISPLAY || name == CSS_PROPERTY_BACKGROUND_IMAGE)
+ safe = false;
+
 for (int i = 0; i < size (); i++) {
 prop = getRef (i);
@@ -169,6 +173,13 @@ void CssSelector::addSimpleSelector (Combinator c) {
 cs->selector = new CssSimpleSelector ();
 }
+bool CssSelector::checksPseudoClass () {
+ for (int i = 0; i < selectorList->size (); i++)
+ if (selectorList->getRef (i)->selector->getPseudoClass ())
+ return true;
+ return false;
+}
+
 /**
 * \brief Return the specificity of the selector.
 *
@@ -517,6 +528,13 @@ void CssContext::addRule (CssSelector *sel, CssPropertyList *props,
 if (props->size () > 0) {
 CssRule *rule = new CssRule (sel, props, pos++);
- sheet[order].addRule (rule);
+ if ((order == CSS_PRIMARY_AUTHOR ||
+ order == CSS_PRIMARY_AUTHOR_IMPORTANT) &&
+ !rule->isSafe ()) {
+ MSG_WARN ("Ignoring unsafe author style that might reveal browsing history\n");
+ delete rule;
+ } else {
+ sheet[order].addRule (rule);
+ }
 }
 }
--
cgit v1.2.3
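Review bot: The check added at the top of `CssPropertyList::set` is a denylist of two properties (`CSS_PROPERTY_DISPLAY`, `CSS_PROPERTY_BACKGROUND_IMAGE`), so a property supported later that triggers a fetch or changes layout leaves the list marked safe unless someone remembers to extend this line. An allowlist of properties known to be unobservable would fail closed instead, which, as I read it, is the direction the discussion linked in the commit message argues for. Either way the reason for the choice should be recorded next to the test, e.g. `/* display and background-image make a pseudo-class match observable to the remote site (layout change, image fetch) */`. `safe` is only ever cleared in the code shown and its initial value is set outside this view, so confirm that every constructor starts it at `true`; the body of `set` continues past the hunk.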
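Review bot: `CssSelector::checksPseudoClass` has no header comment although the function directly below it carries a Doxygen block, and its behaviour is broader than a reader of the commit message would expect: it returns true for any pseudo-class on any simple selector, not only the history-dependent ones. That is the conservative direction, but it should be written down, e.g. `/** \brief Return whether any simple selector tests a pseudo-class (deliberately not limited to :visited/:link). */`. The nested `for`/`if` without braces is easy to break on a later edit, and since nothing in the body modifies the selector the method could be declared `const`, provided `getPseudoClass` permits it.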
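Review bot: In `CssContext::addRule` the whole decision rests on `rule->isSafe ()`, whose definition is not part of this view (the patch is limited to src/css.cc), so it cannot be confirmed here that it combines the selector's pseudo-class check with the property list's `safe` flag; that belongs in the review of the header. The new branch also lacks a comment on why only the two author orders are filtered; I would add `/* Only remote (author) sheets are filtered; the rule is dropped whole rather than applied partially. */` above the `if`. The `MSG_WARN` text does not say which rule or stylesheet was rejected and is emitted once per rejected rule, so a remote stylesheet decides how much log output is produced; a single warning per stylesheet would be easier to act on. `delete rule` presumably releases `sel` and `props` through the `CssRule` destructor, which should be checked against the path taken when `props->size ()` is zero, outside this hunk.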