W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2013

webappsec-ISSUE-53 (UI Security model for composited drawing models): UI Security model for composited drawing models [UI Security]

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Fri, 26 Apr 2013 00:01:19 +0000
Message-Id: <E1UVW6J-0007yw-Sc@nelson.w3.org>
To: public-webappsec@w3.org
webappsec-ISSUE-53 (UI Security model for composited drawing models): UI Security model for composited drawing models [UI Security]

http://www.w3.org/2011/webappsec/track/issues/53

Raised by: Adam Barth
On product: UI Security

Need to rethink the UI Security model for drawing models that use e.g. a multithreaded or multiprocess compositing model that prevents any single browsing context from having knowledge of the final rendering to the user to "take a screenshot".  May be ways around this by if the compositor handles some UI events first, but spec should consider and provide advice on these alternate rendering models.

abarth: could possibly encode protected regions as a plane in the stencil buffer (where the composition is similar to a 3D rendering with multiple surfaces representing different logical parts of the final rendering) for hit testing, could be processed in the compositing thread
Received on Friday, 26 April 2013 00:01:20 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC