Open Bug 1445310 Opened 6 years ago Updated 2 years ago

Clamp and Jitter Timestamps in CSS Animations

Categories

(Core :: CSS Parsing and Computation, enhancement, P3)

enhancement

Tracking

()

People

(Reporter: tjr, Assigned: birtles)

References

Details

(Whiteboard: [fingerprinting][fp-triaged])

Currently CSS Animations have calls into ReduceTimePrecision; but they are all (well, if you count Bug 1440195 which hasn't landed just yet) tagged RFPOnly (https://searchfox.org/mozilla-central/search?q=RFPOnly&path= ) - meaning they are only clamped/jittered in ResistFingerprinting Mode (which is not the default.)

We would like to fix this so they can be accurately and safely clamped in 'normal' mode (by removing the RFPOnly flag.)

There are two main types of problems preventing this right now:

1) Clamping is done in the wrong place. 

Bug 1430975 moved clamping for the cancel event, but even still this seemed to cause some intermittent:  bug 1443122, bug 1443574, bug 1443778

But besides the animation events, there's the animation time fields exposed by JavaScript. We want to clamp these values; but what we're doing currently (in https://searchfox.org/mozilla-central/rev/99df6dad057b94c2ac4d8b12f7b0b3a7fdf25d04/dom/animation/AnimationUtils.h#36 ) is clamping something that's used for internal animation calculations, which resulted in failures like 

> TEST-UNEXPECTED-FAIL |
> /web-animations/animation-model/animation-types/discrete.html | 
> Test animating discrete values - assert_equals: Animation produces
> 'to' value at exact middle of the interval expected "italic" but got "normal"


2) Jittering requires special considerations for relative timelines. Any timestamp that isn't a unix epoch is a relative timestamp. The security of jitter requires that each relative timeline have its own 'Context Seed' (or whatever you want to call it.)  This is added for a few DOM classes in Bug 1440195. 

The DOM Classes added to in Bug 1440195 however never reset. If CSS Animation timelines can reset back to 0; then during that reset a new random seed must be generated.  (But conversely, if they can't reset back to zero then you can probably just use the same RelativeTimeline class from Bug 1440195.)



Note that none of this is intended to affect the playback of animations or getComputedStyle.
[Triage 2018/03/23 - P3]
Priority: -- → P3
Whiteboard: [fingerprinting] → [fingerprinting][fp-triaged]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.