Skip to content

Commit f1bd796

Browse files
svgeesussvgeesus
committed
protocol aspects are security, not privacy
1 parent ecb89e9 commit f1bd796

1 file changed

Lines changed: 3 additions & 4 deletions

File tree

css-masking-1/Overview.bs

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1273,13 +1273,12 @@ It is important that the timing to the masking operations is independent of the
12731273

12741274
A timing attack is a method of obtaining information about content that is otherwise protected, based on studying the amount of time it takes for an operation to occur. If, for example, red pixels took longer to draw than green pixels, one might be able to reconstruct a rough image of the element being rendered, without ever having access to the content of the element.
12751275

1276-
<<mask-source>>s and <<clip-source>>s have special requirements on fetching resources.
1277-
1278-
User agents must use the <a href="https://fetch.spec.whatwg.org/#main-fetch">potentially CORS-enabled fetch</a> method defined by the [[!FETCH]] specification for all <<mask-source>>, <<clip-source>> and <<image>> values on the 'mask-image', 'mask-border-source' and 'clip-path' properties. When fetching, user agents must use “Anonymous” mode, set the referrer source to the stylesheet's URL and set the origin to the URL of the containing document. If this results in network errors, the effect is as if the value ''mask-image/none'' had been specified.
12791276

12801277
# Security Considerations # {#sec}
12811278

1282-
No new security considerations have been raised on this specification.
1279+
<<mask-source>>s and <<clip-source>>s have special requirements on fetching resources.
1280+
1281+
User agents must use the <a href="https://fetch.spec.whatwg.org/#main-fetch">potentially CORS-enabled fetch</a> method defined by the [[!FETCH]] specification for all <<mask-source>>, <<clip-source>> and <<image>> values on the 'mask-image', 'mask-border-source' and 'clip-path' properties. When fetching, user agents must use “Anonymous” mode, set the referrer source to the stylesheet's URL and set the origin to the URL of the containing document. If this results in network errors, the effect is as if the value ''mask-image/none'' had been specified.
12831282

12841283

12851284
<h2 id="clip-property" class="no-num">Appendix A: The deprecated 'clip' property</h3>

0 commit comments

Comments
 (0)