- From: L. David Baron <dbaron@dbaron.org>
- Date: Wed, 16 Apr 2008 18:36:36 -0700
- To: Maciej Stachowiak <mjs@apple.com>
- Cc: Arve Bersvendsen <arveb@opera.com>, Travis Leithead <travil@windows.microsoft.com>, Lachlan Hunt <lachlan.hunt@lachy.id.au>, public-webapi <public-webapi@w3.org>
On Wednesday 2008-04-16 18:24 -0700, Maciej Stachowiak wrote: > I guess you would have to extend this to rules that use :visited or :link > anywhere in the selector (for example before a sibling or descendant > combinator) and make sure the getComputedStyle lies extend to descendants > that inherit the color as well. That was my intent. (The user agent would, of course, have to resolve the with-history and without-history styles eagerly, to prevent timing attacks.) > Also, I think setting background-color may be subject to a timing-based > attack if the default is transparent, since it will require extra rect > fills, and setting color may be subject to a timing based attack if the > anti-aliasing mode changes based on the color of text, resulting in > different cost of drawing the text. I believe this is true on Mac OS X. That's why I excluded the "alpha component" of the color. 'transparent' would need to be treated as having a 0 alpha component. -David -- L. David Baron http://dbaron.org/ Mozilla Corporation http://www.mozilla.com/
Received on Thursday, 17 April 2008 01:37:33 UTC