W3C home > Mailing lists > Public > www-style@w3.org > December 2013

Re: [css-color][filter-effects] (was: Re: [filter-effects] Tainted filter primitives)

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Fri, 13 Dec 2013 14:47:31 -0800
Message-ID: <CAAWBYDCxnqf+z1svYFWMqGGER_ZHCWNiXAunT03QJp8x-1Wmog@mail.gmail.com>
To: "Robert O'Callahan" <robert@ocallahan.org>
Cc: Dirk Schulze <dschulze@adobe.com>, public-fx <public-fx@w3.org>, www-style <www-style@w3.org>
On Fri, Dec 13, 2013 at 1:48 PM, Robert O'Callahan <robert@ocallahan.org> wrote:
> On Sat, Dec 14, 2013 at 8:11 AM, Tab Atkins Jr. <jackalmage@gmail.com>
> wrote:
>> That's silly.  There's no reason to break currentcolor just because
>> :visited is being used.  Plus, depending on implementation strategy,
>> actually getting the sanitized color is expensive (as you have to
>> rerun style matching, excluding all rules with :visited in their
>> selectors).
>
> FWIW, it's essential that getting the sanitized value be exactly as
> expensive as getting the regular value. Otherwise you open yourself to
> timing attacks.

Bah, that's true.  That means tracking two values for anything that
needs sanitization, unfortunately.

~TJ
Received on Friday, 13 December 2013 22:48:19 UTC

This archive was generated by hypermail 2.3.1 : Monday, 2 May 2016 14:39:17 UTC