Up until mid-2010, any rogue website could get a good sense of your browsing habits by specifying a distinctive :visited pseudo-class, rendering thousands of interesting URLs off-screen, and then calling the getComputedStyle API to figure out which pages appear in your browser's history.
After some deliberation, browser vendors have closed this loophole by disallowing almost all attributes in :visited selectors, spare for the ability to alter text, foreground, and background colors for such links. The APIs have been also redesigned to prevent the disclosure of this color information via getComputedStyle.
This workaround did not fully eliminate the ability to probe your browsing history, but limited it to scenarios where the user can be tricked into unwittingly feeding the style information back to the website, disclosing information about one URL at a time.
more here............http://lcamtuf.coredump.cx/css_calc/
After some deliberation, browser vendors have closed this loophole by disallowing almost all attributes in :visited selectors, spare for the ability to alter text, foreground, and background colors for such links. The APIs have been also redesigned to prevent the disclosure of this color information via getComputedStyle.
This workaround did not fully eliminate the ability to probe your browsing history, but limited it to scenarios where the user can be tricked into unwittingly feeding the style information back to the website, disclosing information about one URL at a time.
more here............http://lcamtuf.coredump.cx/css_calc/