There have been a series of attacks[0] that allow SOP bypasses by
applying non-constant-time transforms to cross-domain resources and
using timing attacks to infer the contents.

I'm not sure to what extent we have been tracking our exposure to
these attacks over the years, but it's something I'm hoping to start
understanding.  Do we know how these transforms behave in this regard?

-tom

[0] This is a really incomplete list of these but it's a start:
https://bugzilla.mozilla.org/show_bug.cgi?id=655987
https://dl.acm.org/citation.cfm?id=2516712&dl=ACM&coll=DL&CFID=1016908573&CFTOKEN=45471182
https://www.contextis.com/media/downloads/Pixel_Perfect_Timing_Attacks_with_HTML5_Whitepaper.pdf

On Fri, Dec 15, 2017 at 1:51 AM, Ku(顧思捷)CJ <c...@mozilla.com> wrote:
> Summary:
>   The translate, rotate, and scale properties allow authors to specify
> simple transforms independently, in a way that maps to typical user
> interface usage, rather than having to remember the order in transform that
> keeps the actions of transform(), rotate() and scale() independent and
> acting in screen coordinates.
>   Both Blink and Edge have implemented this feature.
>
> Bug:
>   https://bugzilla.mozilla.org/show_bug.cgi?id=1207734
>
> Link to standard:
>   https://drafts.csswg.org/css-transforms-2/#individual-transforms
>
> Platform coverage:
>   All platforms
>
> Target release:
>   FF60
>
> Preference behind which this will be implemented:
>   "layout.css.individual-transform.enabled"
>
> Do other browser engines implement this?
>   Blink/Edge
>
> Tests:
>   WPT test
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform