Re: Intent to implement: Frame Timing API

2015-05-11 Thread Paul Rouget
DevTools bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1163901
On Tue, May 12, 2015 at 6:02 AM, Boris Zbarsky wrote:
> On 5/11/15 7:03 PM, Ilya Grigorik wrote:
>>
>> Boris, any chance you can also take a look at scenario in:
>> https://github.com/w3c/frame-timing/issues/40#issuecomment-97

Re: Intent to implement: Frame Timing API

2015-05-11 Thread Boris Zbarsky
On 5/11/15 7:03 PM, Ilya Grigorik wrote: Boris, any chance you can also take a look at scenario in: https://github.com/w3c/frame-timing/issues/40#issuecomment-9795 For the situation described there, it seems like the right mitigation, conceptually, is to repaint the link when the href chan

Re: Intent to implement: Frame Timing API

2015-05-11 Thread Brian Birtles
On 2015/05/12 4:58, Boris Zbarsky wrote: On 5/11/15 3:32 PM, Ehsan Akhgari wrote: You can have style like: >> ... And then time the painting/compositing of the said content. No, you can't. We explicitly forbid that, precisely because of side-channel timing attacks. dbaron has a good writeu

Re: Intent to implement: Frame Timing API

2015-05-11 Thread Ilya Grigorik
FWIW, we have a tracking issue for this on GH: https://github.com/w3c/frame-timing/issues/40
On Mon, May 11, 2015 at 12:58 PM, Boris Zbarsky wrote:
> No, you can't. We explicitly forbid that, precisely because of
> side-channel timing attacks. dbaron has a good writeup about how the
> :visited

Re: Intent to implement: Frame Timing API

2015-05-11 Thread Boris Zbarsky
On 5/11/15 3:32 PM, Ehsan Akhgari wrote: You can have style like: some content that is expensive to paint/composite and then have; a { display: none; } a:visited { display: inline; } And then time the painting/compositing of the said content. No, you can't. We explicitly forbid that

Re: Intent to implement: Frame Timing API

2015-05-11 Thread Ehsan Akhgari
On 2015-04-28 1:38 AM, Brian Birtles wrote: On 2015/04/28 10:43, Jonas Sicking wrote: Please make sure to do a security review so that this doesn't expose any sensitive information accidentally. In particular, is there any way to use this API to use :visited hacks along with timing information t

Re: Intent to implement: Frame Timing API

2015-04-27 Thread Brian Birtles
On 2015/04/28 10:43, Jonas Sicking wrote: Please make sure to do a security review so that this doesn't expose any sensitive information accidentally. In particular, is there any way to use this API to use :visited hacks along with timing information to see if a user has visited a particular URL?

Re: Intent to implement: Frame Timing API

2015-04-27 Thread Jonas Sicking
Please make sure to do a security review so that this doesn't expose any sensitive information accidentally. In particular, is there any way to use this API to use :visited hacks along with timing information to see if a user has visited a particular URL?
/ Jonas
On Mon, Apr 27, 2015 at 2:27 AM,