- From: Michael Smith via GitHub <sysbot+gh@w3.org>
- Date: Mon, 13 Aug 2018 18:19:44 +0000
- To: public-houdini-archive@w3.org
@dbaron > That said, although the paper doesn't explicitly say so, I'm assuming the "Amplified attack" variant is also counting calls to the paint callback and only doing the registerPaint that marks the link as visited on the second call... if that's not the case then I don't actually understand how that attack is working. Yes, that's correct. We use `registerPaint` to store persistent state across `paint` callback invocations. On the first invocation of our `paint` callback, we do `registerPaint('target_foo', P)`. On the second invocation, we do `registerPaint('target_foo', P)` again, but this time it throws an exception since `target_foo` is already registered. We catch the exception and do `registerPaint('target_foo_visited', P)` in response. -- GitHub Notification of comment by spinda Please view or discuss this issue at https://github.com/w3c/css-houdini-drafts/issues/791#issuecomment-412615135 using your GitHub account
Received on Monday, 13 August 2018 18:19:50 UTC