Abusing hyperlink auditing and the "ping" attribute in HTML
22 Jun 2011
I just learned about this proposed feature of HTML which as Anne van Kesteren noted is not in HTML5 at the moment but might be in HTML6.
http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperlink-auditing
So "a" and "area" elements would support a "ping" attribute as a space-separated list of URIs that should contacted when the hyperlink is activated. So someone clicks on the link and each of the URIs in the "ping" would receive an HTTP POST with the string "PING" in the body. The request must also include either a "Referrer" header or a new "Ping-From" header which would include the same value. This can obviously be useful for tracking purposes, and hopefully third-party sites could be easily (and by default) blocked rather than having an option to "selectively ignore URLs in the list (e.g. ignoring any third-party URLs)".
I can imagine some other abuse cases here around flooding - e.g. the URL could easily by appended with junk causing large HTTP requests to get sent to an inordinately large list of URIs.
Information could be leaked in the usual sense of Referrer/Ping-From leaks. Anything else come to mind?
http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperlink-auditing
So "a" and "area" elements would support a "ping" attribute as a space-separated list of URIs that should contacted when the hyperlink is activated. So someone clicks on the link and each of the URIs in the "ping" would receive an HTTP POST with the string "PING" in the body. The request must also include either a "Referrer" header or a new "Ping-From" header which would include the same value. This can obviously be useful for tracking purposes, and hopefully third-party sites could be easily (and by default) blocked rather than having an option to "selectively ignore URLs in the list (e.g. ignoring any third-party URLs)".
I can imagine some other abuse cases here around flooding - e.g. the URL could easily by appended with junk causing large HTTP requests to get sent to an inordinately large list of URIs.
Information could be leaked in the usual sense of Referrer/Ping-From leaks. Anything else come to mind?