History information leak -- try a if it doesn't work first time.
This demo places an
<a> anchor tag for each history sniffing attempt in an SVG document, then draws that SVG image in a
<canvas>, finally looking through the pixels to find the
a:visited colour. Additionally, it renders to a (PNG)
Blob to see if there is a file size difference (as the unvisited colour is the same as the background colour). Normal browser security would not be to not render
a:visited differently to the normal anchor colour when drawing through an SVG.