
[whatwg] cross-domain scrollIntoView on frames and iframes

From: Adam Barth <whatwg@adambarth.com>
Date: Sat, 18 Jul 2009 16:12:23 -0700
Message-ID: <7789133a0907181612k1540ad33p8ca529100733b6c8@mail.gmail.com>

On Fri, Jul 17, 2009 at 4:10 PM, Ian Hickson <ian at hixie.ch> wrote:
> Suppose that there is a tool where someone can write some text, in which
> case the text will be displayed when the page is loaded. Suppose that
> whether the person has written this text is confidential, and that whether
> one had entered text there or not would reveal something that the user
> would prefer to keep secret.
>
> You could use this API to tell whether or not another user had entered
> text, by opening an iframe to that page, and then trying to scroll from
> distance n to distance n+10 many times in a loop, and timing how long it
> takes to do the scroll. If there is no more content in the page, then
> scrolling to n and n+10 would take less time than it would if there was
> more content (since scrolling is slower than doing nothing).

I suspect you could extract that information more easily by just
timing the page load:

http://crypto.stanford.edu/~abortz/papers/timingweb.pdf

Adam
Received on Saturday, 18 July 2009 16:12:23 UTC
