On 31/10/2011, at 4:34 PM, Tab Atkins Jr. wrote: > On Mon, Oct 31, 2011 at 10:30 AM, Vincent Hardy <vhardy@adobe.com> wrote: >> Tab: you mention that more things than the shading language are contentious. >> Can you explain what these contentious issues are? >> Are you referring to the issues raised on the mailing list: >> http://www.w3.org/Graphics/fx/wiki/Custom_Filters#Issues_List >> or something else? > > I'm specifically referring to the issue of selecting through a vertex > filter, and the security issues with using a fragment shader to > extract information through a timing channel. Both of these are > unaddressed and probably difficult to deal with, and may take a decent > amount of time to deal with. I don't think either of these are limited to shaders. Regular XML/SVG filters have the same issues: A displacement map can significantly move content making selection confusing, and a filter can be written to theoretically run faster/slower depending on the input (component transfer, for example). Regarding the timing attack in particular, CSS filters have the benefit that it's much harder to measure the effect. Unlike <canvas>, you don't really control the drawing operation. You can't be sure that the element you're attacking was the only thing rendered. That doesn't mean the attack is impossible. Dean > > >> The CSS shaders proposal responds to the feCustom 'question' in the 'Filter >> Effects' specification and it seems more natural to integrate it than keep >> it a separate specification. > > Or we can just move the definition of <feCustom> to Shaders. > > ~TJ >Received on Monday, 31 October 2011 23:51:22 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:49:39 UTC