On Sat, Feb 25, 2017 at 1:09 AM, <trit...@mozilla.com> wrote: > On Thursday, February 23, 2017 at 9:09:58 AM UTC-6, Boris Chiou wrote: >> *Preference behind which this will be implemented*: I'm not sure. I think >> we don't need it because it is just a variant of the step timing function, >> and so it is safe to turn it on. If there is any other concerns, I can add >> a preference for this. > > Given our (and all browsers') painful history with people finding novel ways > to bypass security by abusing any and all timers we expose, I would feel much > better if this had a pref.
As Boris mentioned, adding a pref is no problem, but I'm curious to learn about the specific security concern here. This doesn't expose any new timing information. It's just a variation on the steps timing function. Perhaps the 'frames' name suggests something about exposing the browser's animation frames, but there's no connection between frames() and actual animation frames in the browser. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
