If you happen to get assigned to the same webslave and process of somebody that
recently used canview on /customize/advanced/styles.bml and attempt to save your
style, you will get redirected to a url with ?user=canview_victim
This does not allow the user without canview to actually view canview_victim's
styles, but still leaks information that canview was used, and whom it was used
on.
Patch can be found here:
http://code.livejournal.org/trac/livejournal/changeset/15078/trunk/htdocs/customize/advanced/styles.bml