Intent to unship: typeMustMatch attribute on <object> elements

[Frederik Braun]

Hi,

In bug 1548773, annevk suggested to unship the `typeMustMatch`attribute
from <object> elements[1].

No other browser supports this and we have just learned that this
attribute can be used to leak information about cross-origin resources[2].

While it seems worth removing immediately to me, I'm interested in
additional feedback.

Thanks,
Freddy

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1548773
[2]
https://github.com/xsleaks/xsleaks/wiki/Browser-Side-Channels#object-typemustmatch

[Anne van Kesteren]

On Fri, May 3, 2019 at 11:06 AM Frederik Braun <fbr...@mozilla.com> wrote:
> In bug 1548773, annevk suggested to unship the `typeMustMatch`attribute
> from <object> elements[1].

I've now also changed the HTML standard in
https://github.com/whatwg/html/pull/4590 and updated WPT in
https://github.com/web-platform-tests/wpt/pull/16656.


> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1548773

[Mike Taylor]

On 5/3/19 4:06 AM, Frederik Braun wrote:
> In bug 1548773, annevk suggested to unship the `typeMustMatch`attribute
> from <object> elements[1].
>

> No other browser supports this and we have just learned that this
> attribute can be used to leak information about cross-origin resources[2].
>
> While it seems worth removing immediately to me, I'm interested in
> additional feedback.

I ran a search on BigQuery over HTTP Archive data (just for desktop) and
here are the results:

<https://docs.google.com/spreadsheets/d/1z9-QVOqZtTJ1LcpSfjrW8CdoHHTrAaktiOjr7NJ_mgE/edit#gid=344963178>

I only looked at 10 random items, and nothing seemed alarming -- just
enumeration of attributes, or mapping strings to props, or regular
expressions looking for valid attributes.

(Might be worth someone putting in more than 5 minutes of poking around
though).

--
Mike Taylor
Web Compat, Mozilla