- From: Dean Jackson <dino@apple.com>
- Date: Thu, 20 Oct 2011 16:06:47 -0700
- To: "Tab Atkins Jr." <jackalmage@gmail.com>
- Cc: Chris Marrin <cmarrin@apple.com>, "Gregg Tavares (wrk)" <gman@google.com>, www-style list <www-style@w3.org>

On 20/10/2011, at 2:31 PM, Tab Atkins Jr. wrote:

> This scenario really depends on a pixel shader having
> access to the pixels of cross-domain iframes, though. If we just
> blanked the element's rectangle before giving it to the shader, that
> attack would be defeated. The remaining leakage is probably small
> enough to not worry about, you're right.

I think that's the key here. A CSS shader (or even any CSS filter really) should not get any cross-domain iframe content as input.

Dean

Received on Thursday, 20 October 2011 23:07:16 UTC