W3C home > Mailing lists > Public > public-fx@w3.org > October to December 2013

Re: [filter-effects] Updated security model

From: Stephen White <senorblanco@chromium.org>
Date: Wed, 30 Oct 2013 17:44:29 -0400
Message-ID: <CAPeKFThp0a1Vn2fgk=3=S7ZsqqwOSuWNLY4M5yRmu4d333_=Ww@mail.gmail.com>
To: Dirk Schulze <dschulze@adobe.com>
Cc: "public-fx@w3.org" <public-fx@w3.org> 
Hi Dirk,

The spec is not too clear about why those primitives in particular taint
the filter chain. I'm probably showing my CSS ignorance here, but how do
feFlood, feDropShadow and fe*Lighting cause tainting?

Under the "Timing Attacks" section, we also might want to call out the
visited link issue as another example of a timing attack, since it's fairly
well-known.

Stephen


On Fri, Sep 27, 2013 at 1:46 AM, Dirk Schulze <dschulze@adobe.com> wrote:

> Hi,
>
> I updated the security model for Filter Effects [1]. Furthermore, I
> removed several descriptions of optimizations that potentially do not
> follow the security model.
>
> I would like to ask for an initial review of the new written section.
>
> Greetings,
> Dirk
>
> [1] http://dev.w3.org/fxtf/filters/#security
>
Received on Wednesday, 30 October 2013 21:45:05 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:49:47 UTC