W3C home > Mailing lists > Public > public-webapi@w3.org > April 2008

Re: [selectors-api] Handling :link and :visited Pseudo Classes

From: L. David Baron <dbaron@dbaron.org>
Date: Wed, 16 Apr 2008 18:36:36 -0700
To: Maciej Stachowiak <mjs@apple.com>
Cc: Arve Bersvendsen <arveb@opera.com>, Travis Leithead <travil@windows.microsoft.com>, Lachlan Hunt <lachlan.hunt@lachy.id.au>, public-webapi <public-webapi@w3.org>
Message-ID: <20080417013636.GA2522@ridley.dbaron.org>

On Wednesday 2008-04-16 18:24 -0700, Maciej Stachowiak wrote:
> I guess you would have to extend this to rules that use :visited or :link 
> anywhere in the selector (for example before a sibling or descendant 
> combinator) and make sure the getComputedStyle lies extend to descendants 
> that inherit the color as well.

That was my intent.

(The user agent would, of course, have to resolve the with-history
and without-history styles eagerly, to prevent timing attacks.)

> Also, I think setting background-color may be subject to a timing-based 
> attack if the default is transparent, since it will require extra rect 
> fills, and setting color may be subject to a timing based attack if the 
> anti-aliasing mode changes based on the color of text, resulting in 
> different cost of drawing the text. I believe this is true on Mac OS X.

That's why I excluded the "alpha component" of the color.
'transparent' would need to be treated as having a 0 alpha
component.

-David

-- 
L. David Baron                                 http://dbaron.org/
Mozilla Corporation                       http://www.mozilla.com/
Received on Thursday, 17 April 2008 01:37:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 17 April 2008 01:37:34 GMT