On 5/11/15 7:03 PM, Ilya Grigorik wrote:
> Boris, any chance you can also take a look at the scenario in: https://github.com/w3c/frame-timing/issues/40#issuecomment-97888895
For the situation described there, it seems like the right mitigation, conceptually, is to repaint the link when the href changes regardless of whether it's visited, no? Otherwise you have a timing attack available even without frame timing: just make the repaint expensive and see if you end up delaying timers too much or not.
-Boris