Hi Tom, > In particular, this one looks like it has all the same > concerns/problems with filters being applied to sensitive third party > content, and attacks that use timing to read that content. Are these > going to be tested for/addressed during implementation?
We are not aware of any new attacks that will be introduced by backdrop-filter that are not already possible via the filter property as both properties will share the same filtering implementation. This feature will be preferenced off by default and we will have some time to experiment and check for these kinds of attacks before enabling the feature by default. -Connor On Fri, Jul 5, 2019 at 7:11 AM Tom Ritter <t...@mozilla.com> wrote: > Just a note: we have a new template for Intent to X here: > https://wiki.mozilla.org/ExposureGuidelines > > In particular, this one looks like it has all the same > concerns/problems with filters being applied to sensitive third party > content, and attacks that use timing to read that content. Are these > going to be tested for/addressed during implementation? > > -tom > > On Thu, Jul 4, 2019 at 7:09 PM Connor Brewster <cbrews...@mozilla.com> > wrote: > > > > Clarification: backfrop-filter will *not* be restricted to secure > contexts. > > > > On Tue, Jun 25, 2019 at 4:30 PM Connor Brewster <cbrews...@mozilla.com> > > wrote: > > > > > Summary: The CSS backdrop-filter property allows web authors to > specify a > > > filter to be applied to an element's backdrop. It can be used to create > > > interesting visual effects that are commonly used in UI design. > > > > > > Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1178765 > > > > > > Standard: > https://drafts.fxtf.org/filter-effects-2/#BackdropFilterProperty > > > > > > Platform coverage: All platforms using the Gecko rendering engine > > > (WebRender enabled only) > > > > > > Target release: Firefox 71 (WebRender enabled only) > > > > > > Preference behind which this will be implemented: > > > layout.css.backdrop-filter.enabled > > > > > > Is this feature enabled by default in sandboxed iframes? Yes > > > > > > DevTools bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1561060 > > > > > > Do other browser engines implement this? WebKit (since version 9, > behind > > > -webkit- prefix), Blink (since version 47, Behind "Enable Experimental > Web > > > Platform Features" preference) > > > > > > web-platform tests: > > > > https://searchfox.org/mozilla-central/source/testing/web-platform/tests/css/filter-effects > > > > > > Is this feature restricted to secure contexts? Yes > > > > > > Connor Brewster > > > > > _______________________________________________ > > dev-platform mailing list > > dev-platform@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
