Re: [filter-effects][css-masking] Move security model for resources to CSP

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Sun, 02 Jun 2013 00:03:23 -0400
Message-ID: <51AAC40B.5010000@mit.edu>
To: Dirk Schulze <dschulze@adobe.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>

On 6/1/13 11:54 PM, Dirk Schulze wrote:
> To focus on clip-path: Do I understand you correctly that there is no difference in the security consideration between my two examples (inline path and <use> reference of path in same document)?

They both allow exfiltrating the path information.

Are they both allowed in your proposal?  That's the part I'm trying to 
understand.

> If yes. Do you think there is a security breach with the potential recovery of the path data inside of <clipPath>?

Allowing cross-origin exfiltration of _arbitrary_ path geometry seems 
like an entirely unacceptable security breach to me.  Your example shows 
that cross-origin <use> allows such exfiltration.  Therefore, we can't 
allow cross-origin <use> without putting some sort of mitigations in place.

Exfiltration of just path geometry that is explicitly being used as a 
clipping path by the source being exfiltrated from is somewhat 
questionable, but it's not obvious to me whether it would contain 
sensitive data in practice.  I would suggest we should err on the side 
of assuming it would, since this is the sort of thing that's really hard 
to close down once you open it up...

Does that answer your question?  I'm really not quite sure what you're 
really asking here.

-Boris
Received on Sunday, 2 June 2013 04:03:53 UTC
