- From: David Sheets <kosmo.zb@gmail.com>
- Date: Thu, 19 Apr 2012 21:16:37 -0700
- To: Vincent Hardy <vhardy@adobe.com>
- Cc: "public-fx@w3.org" <public-fx@w3.org>
On Wed, Apr 18, 2012 at 10:54 PM, Vincent Hardy <vhardy@adobe.com> wrote: > Hello, > > Since the original proposal on CSS shaders, there have been discussions on > this list and some related discussion on the WebGL mailing list at Khronos. What is the URL of the discussion on the WebGL mailing list at Khronos? > Following the most recent findings in efforts to make CSS shaders secure, I > have updated the page that summarizes the proposed security measure that > looks the most reasonable. The other measures that were considered are also > documented and a summary of why there did not fully meet the needs is also > provided. > > The short description of the proposal is that it removes access to the > rendered content from the shaders. This is not an issue for vertex shaders > (at least for a wide set of use cases). For fragment shaders, the result > produced by the shader will be combined with the rendered content, but this > combination step is not controlled by the shader, it is controlled by the > implementation. > > For example, a vertex shader that produces a flapping flag effect will not > be affected by the restriction because it does not need access to the > texture. A fragment shader that computes a lighting effect will compute a > light map that the implementation will then multiply with the original > texture. Here again, the shader does not access the rendered texture. > > I believe that this is a good approach and while it reduces some of the > functionally, it also addresses the new security concerns CSS shaders > raised. > > Please see the detailed description of the approach and examples of how a > technology like ANGLE could be used for an efficient implementation: > > http://www.w3.org/Graphics/fx/wiki/CSS_Shaders_Security > > Kind regards, > Vincent Hardy
Received on Friday, 20 April 2012 11:03:47 UTC