Thursday, September 22, 2011

Careful... pixel-data access is pointy

Robert O'Callahan writes:
Some Web applications require the pixel data of Web pages to be exposed to Web applications [...] There are some pretty big security implications here. The biggest problem is cross-origin information leakage.
He's right on. Implementing pixel-data access haphazardly carries a bunch of subtle risks. The one near and dear to my heart is the risk of defeating what we shipped a while back to stop CSS- and JavaScript-based history sniffing. Draw links, read colors, defeat fix. Not good. We can't just lie to the content script attempting to access the rendered data: once it's drawn, it's really hard to figure out what's a link and what isn't. So what do we do? Take a look at this and the other issues with implementing pixel-data access over on his blog. If you've got ideas, we're all ears.

1 comment:

Anonymous said...

Instead of trying to "figure out" each pixel after the page is drawn, you could just draw the page twice. Once for normal viewing and once for pixel-data access. The latter would be modified to show all the links as unvisited, iframes as blank, etc.