[css-filters] CSS shaders security prototype implementation and examples


We have been prototyping the ideas presented on the CSS Shaders security wiki:


You can find the prototype/experimental build at:

Pre-built binaries:

source access:

You can access demos on github at:


Most of our work has been to:

a. prevent rendered content texture access from shaders
b. experiment with shader re-writing to allow the author result of the fragment shader to be combined with the original texture.

You can see multiple examples on github. In particular:

- https://github.com/adobe/web-platform/blob/may2012-f2f-prototype/samples/css-shaders/simple-vertex/shaders/flag.vs

Shows that even without a fragment shader, vertex shaders can be useful.

- http://localhost/vhardy/work/dev/github/adobe/web-platform/samples/css-shaders/varyings/shaders/varyings.fs

Shows how the author result of the shader (css_BlendColor) can be combined in a useful manner with the original texture by applying a multiply blend.

- https://github.com/adobe/web-platform/blob/may2012-f2f-prototype/samples/css-shaders/simple-fragment/shaders/grayscale.fs

Illustrates how the author result of the shader could be combined with the texture as a matrix multiply.

We think this demonstrates that CSS shaders are still very useful even with the proposed security restrictions and that it is possible to have multiple ways of combining the result of the fragment shader with the original texture (the prototype implements two, a multiply blend and a matrix multiply, but more options are possible).

Since the shaders do not have access to the rendered texture, the security issues are reduced to the general issues shared with WebGL (such as denial of service).

Kind regards,

Received on Monday, 7 May 2012 15:22:00 UTC