Sunday, November 15, 2009

Stealing History Without JavaScript

Making The Web has a demonstration of a neat trick to display your browser history even without the use of JavaScript.

The trick is that it's not really scanning your history. The technique relies on CSS styling that is applied only to links you have visited, used in combination with a large list of popular web addresses. All of these addresses are placed in an IFRAME and styled so that a link is displayed only if it has been visited, so the ones you've visited show up.
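An added example, not code from the demo site or from this post: a small JavaScript check that a reviewer could run over a page's stylesheet to spot the pattern described above, where a `:visited` selector changes more than a link's colour. The function names, the `SAFE_PROPS` list and the sample stylesheet are assumptions made for the illustration.

```javascript
// Added example: flag CSS rules that restyle visited links beyond colour.
// SAFE_PROPS is this example's own assumption of harmless, colour-only properties.
const SAFE_PROPS = new Set([
  "color", "background-color", "border-color", "outline-color",
  "text-decoration-color",
]);

// Minimal rule splitter: strips comments, then pairs each selector list with
// its declarations. Good enough for flat stylesheets; not a full CSS parser.
function parseRules(css) {
  const clean = css.replace(/\/\*[\s\S]*?\*\//g, "");
  const rules = [];
  const re = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = re.exec(clean)) !== null) {
    const declarations = m[2].split(";")
      .map((d) => d.split(":"))
      .filter((parts) => parts.length >= 2)
      .map(([prop, ...rest]) => ({
        prop: prop.trim().toLowerCase(),
        value: rest.join(":").trim(),
      }));
    rules.push({ selector: m[1].trim(), declarations });
  }
  return rules;
}

// One finding per (selector, property) where a :visited selector sets
// something other than a colour, e.g. display or visibility.
function auditVisitedRules(css) {
  const findings = [];
  for (const { selector, declarations } of parseRules(css)) {
    for (const sel of selector.split(",").map((s) => s.trim())) {
      if (!/:visited\b/i.test(sel)) continue;
      for (const { prop, value } of declarations) {
        if (!SAFE_PROPS.has(prop)) findings.push({ selector: sel, prop, value });
      }
    }
  }
  return findings;
}

// Constructed sample stylesheet (not taken from the demo site).
const SAMPLE_CSS = `
  a:visited { color: #609; }               /* ordinary theme rule */
  a { display: none; }
  .list a:visited, .list a:hover { display: block; font-weight: bold }
`;
console.log(auditVisitedRules(SAMPLE_CSS));
```

On the sample, only the third rule is reported, once for `display` and once for `font-weight`; the colour-only rule passes.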

The main hole in the technique is that if a site is not in their list it won't show up in the history list they display. The other hole is that it's not clear that they can do a whole lot with the information if JavaScript is not enabled, although the demo site claims to collect some data and display what it claims to be a "most visited pages" list. I'm not saying this is a lie, but I couldn't figure out from the source how they collected it.

There has been some controversy over whether the technique works with NoScript installed, as the author insists it does. I didn't test it with NoScript, but I did disable JavaScript in Firefox and confirmed that it was disabled, and the demo worked well.

