W3C home > Mailing lists > Public > public-media-capture-logs@w3.org > December 2017

[mediacapture-fromelement] Address information leak of :visited styles and disclosure of shadow DOM contents

From: arturjanc via GitHub <sysbot+gh@w3.org>
Date: Mon, 11 Dec 2017 12:25:56 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issues.opened-280998477-1512995155-sysbot+gh@w3.org>
arturjanc has just created a new issue for https://github.com/w3c/mediacapture-fromelement:

== Address information leak of :visited styles and disclosure of shadow DOM contents ==
To combat the disclosure of the user's browsing history via styling anchors using the CSS `:visited` pseudoselector, user agents lie to scripts by always returning unvisited link style information when a script attempts to read the style of a link element (see https://dbaron.org/mozilla/visited-privacy). The inability to obtain the real color with which the link is rendered prevents the page from learning if a user had visited a given URL.

If markup can be rendered as part of a VideoTrack (e.g. as part of a subtitle or caption) and the page can use the `captureStream()` method to get a stream of bytes corresponding to the content rendered on the user's screen, the page will be able to learn the real color with which a link is rendered. This would undermine the current fix which prevents browsing history from being disclosed to the page. I'm not sure if this is currently possible due to restrictions on markup which can be used as part of subtitles or captions (i.e. I don't know if VTT or other caption formats support links), but it's still a concern if caption formats are expanded in the future.

In a somewhat separate but related concern, native browser UI elements may be rendered as a result of the user interacting with a form field (e.g. a password input, or form autofill tools). _If_ such markup is present as part of a text track in a stream, and if contents of the shadow DOM make it into the stream captured by the Media Capture APIs, it could allow a page to obtain information it otherwise couldn't access. 

Perhaps this is worth a note somewhere in the Security section?

Please view or discuss this issue at https://github.com/w3c/mediacapture-fromelement/issues/69 using your GitHub account
Received on Monday, 11 December 2017 12:26:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:27:33 UTC