Security/Reviews/Firefox5/ReviewNotes/CSSAni

Date of Review: 201104.28

Item Reviewed:

CSS Animations bug 435442

• This change did not add things that could not be done before
  • Added an API to do things you could do with script before
• All about getting time correct, does not affect safety
• Don't want to redo work asynch faster than refresh
• animations vs transitions
  • Transitions let you cause computed-style changes to happen slowly (and then finish)
  • Animations are different in that they activally cause animation

example:

@-moz-keyframes mymove {
    0% { margin-left: 50px }
    25% { margin-left: 100px }
    100% { margin-left: 200px }
}
p { -moz-animation: mymove 2s linear infinite; }

issues:

• possible perf issues for some corner cases (see refresh driver + iframes below), not of sec concern
• animations beat UA stylesheet !important rules!?!?!? i think we rely on UA stylesheet !important rules for safety, and up til now users have been able to rely on user stylesheet !important rules. (not just specificity but also precedence?)

actions:

• Jesse to add new syntax to CSS fuzzer (parsing is low-level code)
•  ?{dbaron,bz} to look into whether we have performance issues with iframe navigation in bfcache getting high-frequency refresh driver notifications
• dbaron to look into adding assertions that ~CommonElementAnimationData is only called through Destroy()
• [blocks release] dbaron to file and fix bug about not overriding UA style sheets (hacky fix is to just put them between author !important and user !important)
• [maybe blocks release] dbaron to look at handling of properties with value range restrictions interacting with cubic-bezier() that goes wider that 0%/100% (and raise as a spec issue)