- From: Anderson Quach <aquach@microsoft.com>
- Date: Fri, 15 Oct 2010 18:46:30 +0000
- To: "public-web-perf@w3.org" <public-web-perf@w3.org>
- Message-ID: <1E1FF4102DEA7A40AF9CC342044ECE5D2E21A830@TK5EX14MBXW603.wingroup.windeploy.ntde>
Hi All, We're calling for input on a matter of privacy concerns with Navigation Timing. The follow attributes are being vetted to understand the threat with exposing Navigation Timing [1] attributes that can reveal to an attacking site what an end-user is doing in a particular session. (Please see the attached png for a visual representation of the timeline) navigationStart The issue with this timing marker is that it reveals the absolute start point of the navigation, which may include the timing phase associated with redirection and the time spent in the unload event. redirectStart redirectEnd After committing the navigation, the previous page (a.com) may perform redirections when navigating to the target/current page (b.com). Thus, b.com has access to specific timing information that is associated with redirections of a.com. redirectCount This attribute is related to redirectStart and redirectEnd, revealing the number of redirects while navigating from a.com to b.com. Thus, the target/current page (b.com) has access to the number of redirections associated with previous page (a.com). unloadEventStart unloadEventEnd After committing the navigation, the previous page (a.com) may have an unload event handler while navigating to the target/current page (b.com). Thus, b.com has access to how long a.com's unload handler took to execute. [1] http://dvcs.w3.org/hg/webperf/raw-file/tip/specs/NavigationTiming/Overview.html Thanks, Anderson Quach IE Program Manager
Attachments
- image/png attachment: navigationtiming_timeline.png
Received on Friday, 15 October 2010 18:48:15 UTC