Re: [filter-effects] Updated security model

On Oct 30, 2013, at 10:44 PM, Stephen White <senorblanco@chromium.org> wrote:

Hi Dirk,

The spec is not too clear about why those primitives in particular taint the filter chain. I'm probably showing my CSS ignorance here, but how do feFlood, feDropShadow and fe*Lighting cause tainting?

All these elements have attributes that take colors including ‘currentColor’. ‘currentColor’ takes the used value of the ‘color’ property. This is one of the properties that can be set by the :visited CSS selector.


Under the "Timing Attacks" section, we also might want to call out the visited link issue as another example of a timing attack, since it's fairly well-known.

Exactly :) I can add this example.

Greetings,
Dirk


Stephen


On Fri, Sep 27, 2013 at 1:46 AM, Dirk Schulze <dschulze@adobe.com> wrote:
Hi,

I updated the security model for Filter Effects [1]. Furthermore, I removed several descriptions of optimizations that potentially do not follow the security model.

I would like to ask for an initial review of the newly written section.

Greetings,
Dirk

[1] http://dev.w3.org/fxtf/filters/#security

Received on Wednesday, 30 October 2013 22:12:48 UTC