[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Public WebGL] Proposed change to WebGL spec section 4.2 (Security Origin Restrictions)



Your hack would argue for even stricter rules (don't allow vertex textures and don't allow discard, or don't allow tainted textures to ever be used) or giving up on it since somebody will find a way around it anyway.

You don't need discard or loops or even if.  With carefully constructed textures and a couple of dependent texture lookups you can make all of the texture accesses coherent or incoherent.  This ends up looking suspiciously similar to the DoS attacks we developed in the early days of WebGL.

-- Kenneth Waters