On Thu, Oct 20, 2011 at 4:06 PM, Dean Jackson <dino@apple.com> wrote:
>
> On 20/10/2011, at 2:31 PM, Tab Atkins Jr. wrote:
>
> > This scenario really depends on a pixel shader having
> > access to the pixels of cross-domain iframes, though. If we just
> > blanked the element's rectangle before giving it to the shader, that
> > attack would be defeated. The remaining leakage is probably small
> > enough to not worry about, you're right.
>
> I think that's the key here. A CSS shader (or even any CSS filter really)
> should not get any cross-domain iframe content as input.
>
Even without that you can spy on a user's link history by checking his
"visited" colors using this method.
>
> Dean
>
>