Re: [w3ctag/design-reviews] State extension for JS Self-Profiling API. (Issue #682) from Daniel Appelquist on 2021-12-07 (public-webapps-github@w3.org from December 2021)

From: Daniel Appelquist <notifications@github.com>
Date: Tue, 07 Dec 2021 00:30:58 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/682/987685841@github.com>

Hi folks! Regarding the [mitigation](https://github.com/WICG/js-self-profiling/blob/main/markers.md#privacy-and-security) against cross-origin leakage that you've described - can you expand on this a little bit and be a bit more clear about what the mitigation strategy is? Are there ways that you could envision this API being used to intentionally and maliciously leak data across origin boundaries? It would be good if you could elaborate on the potential misuse (and mitigations).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/682#issuecomment-987685841

Received on Tuesday, 7 December 2021 08:31:10 UTC