[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Public WebGL] CORS and resource provider awareness



Nobody's code would be broken.

The idea, a variant of which Gregg Tavares has posted before to this
mailing list, would be:

  - A WebGLRenderingContext would start life with a "shader_clean" bit set.

  - The "shader_clean" bit continues to be set so long as all shaders
loaded into the WebGLRenderingContext obey the timing restrictions set
in the ANGLE patch.

  - While the "shader_clean" bit is set:

    - It is legal to upload cross-domain media into WebGL textures.
Doing so taints the canvas and prevents toDataURL(), readPixels(),
etc., as the pre-CORS WebGL spec did.

  - If the "shader_clean" bit transitions from true to false, and any
cross-domain media was uploaded as a texture, then the context would
be lost.

  - If the "shader_clean" bit was false, the existing CORS
restrictions would be enforced.

This would not break any existing programs. It would, however, allow
cross-domain media to be used in conjunction with a set of useful
WebGL shaders.

-Ken


On Tue, Oct 30, 2012 at 12:41 PM, Florian Bösch <pyalot@gmail.com> wrote:
> Btw. trigger rally is using such code right now for terrain rendering
> as well. Thank you for breaking jareikos code as well.
>
> On Tue, Oct 30, 2012 at 8:40 PM, Florian Bösch <pyalot@gmail.com> wrote:
>> On Tue, Oct 30, 2012 at 8:37 PM, Kenneth Russell <kbr@google.com> wrote:
>>> The timing restriction patch that I intended to refer to was Adobe's
>>> contribution to the ANGLE project (http://cs.chromium.org , search for
>>> SH_TIMING_RESTRICTIONS) which prevents control flow decisions from
>>> being made based on values fetched from textures. I believe that this
>>> would defend against the side-channel timing attack which forced the
>>> WebGL spec to disallow the use of cross-origin media.
>> I do do code that makes control flow decisions based on values fetched
>> from textures. Thank you for breaking my code.

-----------------------------------------------------------
You are currently subscribed to public_webgl@khronos.org.
To unsubscribe, send an email to majordomo@khronos.org with
the following command in the body of your email:
unsubscribe public_webgl
-----------------------------------------------------------