W3C home > Mailing lists > Public > www-style@w3.org > October 2011

Re: [css-shaders] CSS shaders for custom filters (ACTION-3072)

From: Chris Marrin <cmarrin@apple.com>
Date: Wed, 05 Oct 2011 15:15:37 -0700
Cc: "www-style@w3.org CSS" <www-style@w3.org>, "public-fx@w3.org" <public-fx@w3.org>, SVG WG <public-svg-wg@w3.org>
Message-id: <AE5789D5-F1E0-41EA-BF5B-09C3741B0C79@apple.com>
To: Vincent Hardy <vhardy@adobe.com>

On Oct 4, 2011, at 8:07 AM, Vincent Hardy wrote:

> Hi Chris,
> 
> Thanks for your comments and response. I have inserted my own comments below.
> 
> On Oct 4, 2011, at 5:51 AM, Chris Marrin wrote:
> 
>> 
>> On Oct 3, 2011, at 6:51 AM, Vincent Hardy wrote:
>> 
>>> Hello,
>>> 
>>> The Filter Effects 1.0 draft contains an open issue about supporting "a filter primitive that would reference a programmable operation, similar to an OpenCL kernel or GLSL fragment shader":
>>> 
>>> https://dvcs.w3.org/hg/FXTF/raw-file/tip/filters/publish/Filters.html#feCustomElement
>>> 
>>> During the last FX task force meeting in Seattle, I got the action to prepare a detailed proposal for supporting custom filters in the Filter Effects 1.0 (http://www.w3.org/Graphics/SVG/WG/track/actions/3072). 
>>> 
>>> The detailed proposal can be found at:
>>> 
>>> https://dvcs.w3.org/hg/FXTF/raw-file/tip/custom/index.html
>>> 
>>> We (at Adobe) have worked on a prototype implementation. The proposal reflects the work done on the prototype to get a better understanding of the various issues involved when using fragment and vertex shaders for custom effects. It also reflects on the feedback and suggestions of several people, in particular the co-editors for the proposal, Dean Jackson and Erik Dahlström.
>> 
>> This is a very exciting proposal, thanks for the doing it and the implementation.
> 
> Thanks!
> 
>> As editor of the WebGL spec, I'd like to suggest you rephrase the shading language choice. You mention "OpenGL ES for alignment with fragment shaders in WebGL". I think it's important to more tightly specify the language as the exact subset of OpenGL ES that is used in WebGL. We've done quite a bit of work to narrow the accepted language to a subset of OpenGL ES that is appropriate for the web, makes it easier to deal with the security issues, and makes it possible to implement on top of ANGLE (to allow WebGL to run on top of Direct3D). Making that clear here allows you to take advantage of those same features.
> 
> So you are suggesting to reference the following specifically, is that right?
> http://www.khronos.org/registry/webgl/specs/latest/#SUPPORTED_GLSL_CONSTRUCTS

Both that section (section 4.3) and section 6 "Differences Between WebGL and OpenGL ES 2.0" would be useful references.

>> 
>> Finally, it's good that you include section 6.3 on security. That is obviously the main sticking point of WebGL, and of WebCL if and when it becomes available. But I don't think you should characterize Denial of Service as the only real security concern. WebGL represents the first exposure of an API of the complexity of OpenGL to the web. GLSL is a programming language which, unlike JavaScript, executes instructions directly on the host machine. Exposing this kind of functionality to content authors is unprecedented, and opens up brand new avenues for malicious exploits. For that reason these drivers need to be hardened against attacks like never before.
>> 
>> As you say, this work is ongoing and I believe that WebGL and related technologies will ultimately be as safe as any that are exposed to the web today. But we're not there yet, which is why Apple includes the functionality in its browsers, but leaves it disabled. On desktop it can be turned on with a developer switch and on iOS it is only available to iAd developers. 
>> 
>> We found that when we shipped WebGL 1.0 we should have erred on the side of expressing greater concern about these issues, rather than making them an aside. I think the same is true of CSS Shaders.
> 
> Point taken. I did not mean that section to diminish the security concerns, but I can see that the sentence that says "Consequently, the main security consideration is a possible denial of service attack" should be worded differently. I'll do that.

I know your intent is to appropriately raise the security concerns. But as someone recently bitten in the ass by this, I can tell you that you can't emphasize the significance of this issue enough to satisfy all the scrutinizers out there!

-----
~Chris
cmarrin@apple.com
Received on Wednesday, 5 October 2011 22:16:23 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 17:20:45 GMT