Oh this is purely JS memory use? Hmm ok, my original example wouldn't work, but I still think I could construct an attack. Let me think about it some more.
dave On Jun 4, 2010, at 2:31 PM, James Robinson wrote: > How? Visited state information is not stored in the javascript heap (which > is what this object contains information about). > > - James > > On Fri, Jun 4, 2010 at 12:06 PM, David Hyatt <hy...@apple.com> wrote: > I'm fairly certain I could construct an attack on :visited history privacy > using this object. > > dave > > On Jun 4, 2010, at 2:02 PM, Ojan Vafai wrote: > >> On Fri, Jun 4, 2010 at 11:27 AM, Sam Weinig <sam.wei...@gmail.com> wrote: >> After talking it over with some folks here at Apple, I want to formally >> object to adding the Console.memory extension to the Console object and I >> think we should remove support for Console.profiles as soon as we can. They >> both provide information to users that are not generally useful (beyond the >> "continuous integration/buildbot" use-case which I think is of limited >> utility) and therefore should not be exposed to the web. >> >> Why is the continuous integration/buildbot use-case of limited utility? Or >> are you saying that Console.memory doesn't really support that use-case >> well? I think we want to make it as easy as possible for complex apps (e.g. >> email apps, mapping apps, etc.) to care about and monitor memory use. >> >> While I'm not convinced by the utility argument, I do buy the security >> argument. How would you feel about leaving the code in, but disabling it by >> default? Then it could be enabled by command-line or via a preference. >> >> That said, I'm OK with rolling back for now given that the code was >> committed without this discussion actually coming to a conclusion. >> >> Ojan >> _______________________________________________ >> webkit-dev mailing list >> webkit-dev@lists.webkit.org >> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev > > > _______________________________________________ > webkit-dev mailing list > webkit-dev@lists.webkit.org > http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev > >
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
