Re: [filter-effects] Updated security model from Stephen White on 2013-10-30 (public-fx@w3.org from October to December 2013)

From: Stephen White <senorblanco@chromium.org>
Date: Wed, 30 Oct 2013 17:44:29 -0400
To: Dirk Schulze <dschulze@adobe.com>
Cc: "public-fx@w3.org" <public-fx@w3.org>
Message-ID: <CAPeKFThp0a1Vn2fgk=3=S7ZsqqwOSuWNLY4M5yRmu4d333_=Ww@mail.gmail.com>

Hi Dirk,

The spec is not too clear about why those primitives in particular taint
the filter chain. I'm probably showing my CSS ignorance here, but how do
feFlood, feDropShadow and fe*Lighting cause tainting?

Under the "Timing Attacks" section, we also might want to call out the
visited link issue as another example of a timing attack, since it's fairly
well-known.

Stephen

On Fri, Sep 27, 2013 at 1:46 AM, Dirk Schulze <dschulze@adobe.com> wrote:

> Hi,
>
> I updated the security model for Filter Effects [1]. Furthermore, I
> removed several descriptions of optimizations that potentially do not
> follow the security model.
>
> I would like to ask for an initial review of the new written section.
>
> Greetings,
> Dirk
>
> [1] http://dev.w3.org/fxtf/filters/#security
>

Received on Wednesday, 30 October 2013 21:45:05 UTC