webappsec-ISSUE-53 (UI Security model for composited drawing models): UI Security model for composited drawing models [UI Security]

webappsec-ISSUE-53 (UI Security model for composited drawing models): UI Security model for composited drawing models [UI Security]

http://www.w3.org/2011/webappsec/track/issues/53

Raised by: Adam Barth
On product: UI Security

Need to rethink the UI Security model for drawing models that use e.g. a multithreaded or multiprocess compositing model that prevents any single browsing context from having knowledge of the final rendering to the user to "take a screenshot".  May be ways around this by if the compositor handles some UI events first, but spec should consider and provide advice on these alternate rendering models.

abarth: could possibly encode protected regions as a plane in the stencil buffer (where the composition is similar to a 3D rendering with multiple surfaces representing different logical parts of the final rendering) for hit testing, could be processed in the compositing thread

Received on Friday, 26 April 2013 00:01:20 UTC