- From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Fri, 26 Apr 2013 00:01:19 +0000
- To: public-webappsec@w3.org
webappsec-ISSUE-53 (UI Security model for composited drawing models): UI Security model for composited drawing models [UI Security] http://www.w3.org/2011/webappsec/track/issues/53 Raised by: Adam Barth On product: UI Security Need to rethink the UI Security model for drawing models that use e.g. a multithreaded or multiprocess compositing model that prevents any single browsing context from having knowledge of the final rendering to the user to "take a screenshot". May be ways around this by if the compositor handles some UI events first, but spec should consider and provide advice on these alternate rendering models. abarth: could possibly encode protected regions as a plane in the stencil buffer (where the composition is similar to a 3D rendering with multiple surfaces representing different logical parts of the final rendering) for hit testing, could be processed in the compositing thread
Received on Friday, 26 April 2013 00:01:20 UTC