W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2009

[whatwg] cross-domain scrollIntoView on frames and iframes

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 30 Jul 2009 23:08:42 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0907302303460.6420@hixie.dreamhostps.com>
On Sat, 18 Jul 2009, Adam Barth wrote:
> On Fri, Jul 17, 2009 at 4:10 PM, Ian Hickson<ian at hixie.ch> wrote:
> > Suppose that there is a tool where someone can write some text, in which
> > case the text will be displayed when the page is loaded. Suppose that
> > whether the person has written this text is confidential, and that whether
> > one had entered text there or not would reveal something that the user
> > would prefer to keep secret.
> >
> > You could use this API to tell whether or not another user had entered
> > text, by opening an iframe to that page, and then trying to scroll from
> > distance n to distance n+10 many times in a loop, and timing how long it
> > takes to do the scroll. If there is no more content in the page, then
> > scrolling to n and n+10 would take less time than it would if there was
> > more content (since scrolling is slower than doing nothing).
> 
> I suspect you could extract that information more easily by just
> timing the page load:
> 
> http://crypto.stanford.edu/~abortz/papers/timingweb.pdf

Yes, that would be another way of getting this information.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 30 July 2009 16:08:42 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:14 UTC