[Webkit-unassigned] [Bug 69044] Canvas drawElement() security issues

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 6 15:30:12 PDT 2011


--- Comment #20 from Simon Fraser (smfr) <simon.fraser at apple.com>  2011-10-06 15:30:12 PST ---
How does this sound as a possible approach:
1. Always taint the canvas when drawElement is called on it.
2. When using drawElement(), don't' paint things that can reveal personal info (visited links, spelling underlines, some form control stuff)
3. Find a way to mitigate timing attacks (e.g. invert the alpha and draw into a throwaway context).

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list