On Fri, Dec 13, 2013 at 1:48 PM, Robert O'Callahan <robert@ocallahan.org> wrote: > On Sat, Dec 14, 2013 at 8:11 AM, Tab Atkins Jr. <jackalmage@gmail.com> > wrote: >> That's silly. There's no reason to break currentcolor just because >> :visited is being used. Plus, depending on implementation strategy, >> actually getting the sanitized color is expensive (as you have to >> rerun style matching, excluding all rules with :visited in their >> selectors). > > FWIW, it's essential that getting the sanitized value be exactly as > expensive as getting the regular value. Otherwise you open yourself to > timing attacks. Bah, that's true. That means tracking two values for anything that needs sanitization, unfortunately. ~TJReceived on Friday, 13 December 2013 22:48:21 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:49:48 UTC