Mulled Chrome API shines light on long-neglected privacy gap: Sites can snoop on your find-in-page searches

A browser feature being developed for the open-source Chromium platform has raised data-leakage privacy concerns – though the Google engineers working on the project contend the potential benefits outweigh the risks. The issue – potential leakage of text entered into the find-in-page search popup invoked by hitting the CTRL-F …

  1. A Non e-mouse Silver badge

    The Register asked AppsFlyer if anyone could explain why the company website implements its own search box instead of using the native [one]

    "We believe our solution offers the end user a much richer experience when visiting our site."

    "So we can better stalk you."

    Simples.

    1. ratfox

      The examples I know where the website reimplements the search functionality are when the page content is dynamically loaded. One such "website" is Google Sheets. You don't want the huge spreadsheet to be loaded in the browser, so only the part you see is downloaded. For the search functionality, the tool actually sends the search query to the server, which finds and sends back the relevant part of the page.

      1. Anonymous Coward

        I'm just a hobbyist now, but that method is WAY too slow for me, does Google Sheets really work like that? I wound up using something that basically equated to (link_list = 5 * (height / lines)), which fully loads what is visible, then 2 buffers of results both above and below the visible area. But I have tried it the way you're suggesting (and a few others), but that specific way was always slower on insertion. The way I sidestepped long literal CTRL+F style searches was by hashing each line prior on the server so the server could then just spit out linked lists of whatever size. Yeh, the initial CPU usage on the server during document creation is hefty, but if you want snappy results and lower subsequent server CPU loads.... :-/. Again though, I'm just a couch coder, but I really couldn't get that method to work great (at least not on a Raspberry Pi). I understand both ways are similar, but fetching only what is visible and having the server search like that every time?

  2. cantankerous swineherd

    good way of looking at password <input>s

    1. A Non e-mouse Silver badge

      I kinda hope that password fields can't be read. Maybe I'm being naive, though...

      1. Jim Mitchell

        If you are filling in a password field in a webpage, of a website you don't trust, just what are you doing?

      2. Psmo

        If you're reusing a password with a word that can be returned by a keyword search yes I think you are naïve.

    2. Psmo

      If secrets and/or hidden info are ending up on the client in easily readable format you are a bad developer doing bad things with your bad skills and you should feel bad.

      And maybe have your fingers broken so you type slower and think more.

  3. don't you hate it when you lose your account

    Privacy

    Is a dirty word in these modern times :( even worse than asking industry to stop polluting.

    1. Anonymous Coward

      Re: Privacy

      Another reason to use a non Chromium browser. I, personally, prefer Firefox with uBlock Origin and a passel of lists.

  4. Pascal Monett Silver badge

    "the potential benefits outweigh the risks"

    The potential benefits for who ?

    Also, is this a pure-Chromium issue, or are other browsers at risk also ?

    In any case, I note that this is, once again, a JavaScript issue. And that means, once again, that NoScript saves the day.

    NoScript : protecting privacy every day, without fail.

    1. Graham Dawson Silver badge

      Re: "the potential benefits outweigh the risks"

      Google docs and sheets override the default search behaviour to implement their own in-app searches.

  5. Twanky

    Expectations

    "For example, if a portion of a webpage has been collapsed so the text is not visible, a find-in-page request would not work as expected."

    Yes it would - the search wouldn't find the text, exactly as expected because it isn't there.

    Where's the logic in hiding text on a web page and waiting for the user to expand it later - apart from slurping, obvs.

    1. Blazde Silver badge

      Re: Expectations

      Firefox find-in-page finds hidden text. It is a bit useful and sometimes expected, because Google will index pages based on their hidden text and so people come to a page expecting to find something that's not visible. What's less useful is that it's still hidden after FF finds it and some text is hidden without a way to unhide it (eg. text for SEO). The Chrome solution won't address that either.

      "Where's the logic in hiding text on a web page and waiting for the user to expand it later"

      The same logic which gives us books printed on individual pages bound into a handy volume instead of a single 10x10 metre sheet of paper. It makes navigation easier. The alternative is text isn't there until you want it and it's fetched from the server, which makes slurping easy too.

      1. Twanky

        Re: Expectations

        The book analogy doesn't quite work for me. As you point out, a major feature of a book is that it's on convenient sized pages so it can easily be handled and one page leads to the next. The only place I've seen hidden-until-you-reveal-it text in a book is when reading to my grandchildren when they were under five years old. A web page being analogous to a book page perhaps these are aimed at the under-five mentality too?

  6. Wade Burchette

    Thanks Reg!

    I just added appsflyer.com to my router's blacklist. I have already banished doubleclick and Microsoft telemetry and some really bad web stalkers.

  7. Psmo

    Finally

    I never understood why this functionality was not already in place:

    • When you use a site's search box, you are already giving them and their third-party search box the information, and the returned information is theirs anyway
    • Searching across multi-tabbed config pages and menus becomes more logical
    • Allows a logical overlap of the results between page and global search.
    • Allows optimising of the page layout depending on real user interest without the stalkery techniques used today

    The last two are awkward, but in my view navigating Zottabytes of potentially useful information can't be done without it.

    Of course, this is Google/ Chrome so they'll be able to drown any potentially useful gains in stalker juice. It might serve as a base for someone else, though.
