W3C home > Mailing lists > Public > public-fx@w3.org > April to June 2012

Update on CSS shaders security issue

From: Vincent Hardy <vhardy@adobe.com>
Date: Wed, 18 Apr 2012 22:54:35 -0700
To: "public-fx@w3.org" <public-fx@w3.org>
Message-ID: <CBB4F6AB.3F10C%vhardy@adobe.com>
Hello,

Since the original proposal on CSS shaders, there have been discussions on this list and some related discussion on the WebGL mailing list at Khronos.

Following the most recent findings in efforts to make CSS shaders secure, I have updated the page that summarizes the proposed security measure that looks the most reasonable. The other measures that were considered are also documented and a summary of why there did not fully meet the needs is also provided.

The short description of the proposal is that it removes access to the rendered content from the shaders. This is not an issue for vertex shaders (at least for a wide set of use cases). For fragment shaders, the result produced by the shader will be combined with the rendered content, but this combination step is not controlled by the shader, it is controlled by the implementation.

For example, a vertex shader that produces a flapping flag effect will not be affected by the restriction because it does not need access to the texture. A fragment shader that computes a lighting effect will compute a light map that the implementation will then multiply with the original texture. Here again, the shader does not access the rendered texture.

I believe that this is a good approach and while it reduces some of the functionally, it also addresses the new security concerns CSS shaders raised.

Please see the detailed description of the approach and examples of how a technology like ANGLE could be used for an efficient implementation:

http://www.w3.org/Graphics/fx/wiki/CSS_Shaders_Security

Kind regards,
Vincent Hardy
Received on Thursday, 19 April 2012 05:55:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 19 April 2012 05:55:07 GMT