Re: [w3c/editing] clarifications for the pickling design proposal (Issue #393)

The Web Editing Working Group just discussed `clarification on pickling`.

<details><summary>The full IRC log of that discussion</summary>
&lt;Travis> Topic: clarification on pickling<br>
&lt;Travis> github: https://github.com/w3c/editing/issues/393<br>
&lt;Travis> annevk: I haven't had time to look at this.<br>
&lt;Travis> Anupam: opener hasn't responded to my comments.<br>
&lt;Travis> .. concerns about writing 1000 of formats. (I tested and it does indeed bog down my computer.)<br>
&lt;Travis> .. I think a hundred is reasonable.<br>
&lt;Travis> .. Went through security review and they were OK with that.<br>
&lt;Travis> Annevk: are you saying global total is 100?<br>
&lt;Travis> Anupam: I think there may be a security problem on your hands...<br>
&lt;Travis> (Sorry that comment was Annevk)<br>
&lt;Travis> Anupam: new Windows APIs have a global limit.<br>
&lt;Travis> Anupam: So, attack vector is that two origins use different custom formats to communicate. (Similar to socket connections.)<br>
&lt;Travis> Travis: can you explain the attack?<br>
&lt;Travis> annevk: one origin takes all 100 formats, then another tries to use a custom format and is denied.<br>
&lt;Travis> .. Then the first origin can know which formats were attempted based on which ones had been added previously.<br>
&lt;Travis> (editor's note: Sorry didn't capture that very well)<br>
&lt;Travis> Annevk: suggests looking over: https://xsleaks.dev/<br>
&lt;Travis> whsieh: Yep, this is why WebKit blocks cross-origin custom pasteboard access.<br>
&lt;Travis> Travis: so some of us will need to revisit restrictions...?<br>
&lt;Travis> Anupam: raising the limit to 16K is Windows' limit--that could be a problem.<br>
&lt;Travis> annevk: you could add a limit-per-origin<br>
&lt;whsieh> platform info is in the UA already, no?<br>
&lt;Travis> .. Each type that the origin uses adds a "salt" to add randomization to prevent the other origin from guessing.<br>
&lt;Travis> +1 (I like that)<br>
&lt;Travis> johanneswilm: This is just some advice to chromium folks.<br>
&lt;Travis> .. anything spec-wise?<br>
&lt;Travis> Anupam: I think we need more discussion? Needs to be a limit and have it documented somewhere.<br>
</details>



Message ID: <w3c/editing/issues/393/1064260394@github.com>

Received on Thursday, 10 March 2022 16:32:53 UTC