[css-filters] CSS shaders security prototype implementation and examples from Vincent Hardy on 2012-05-07 (public-fx@w3.org from April to June 2012)

From: Vincent Hardy <vhardy@adobe.com>
Date: Mon, 7 May 2012 08:21:25 -0700
To: "public-fx@w3.org" <public-fx@w3.org>
Message-ID: <CBCDB064.43841%vhardy@adobe.com>

Hello,

We have been prototyping the ideas presented on the CSS Shaders security wiki:

http://www.w3.org/Graphics/fx/wiki/CSS_Shaders_Security#Proposed_Method:_disallow_access_to_rendered_content_and_combine_with_blending

You can find the prototype/experimental build at:

Pre-built binaries:
https://github.com/adobe/webkit/downloads

source access:
https://github.com/adobe/webkit/tree/may2012-f2f-prototype

You can access demos on github at:

https://github.com/adobe/web-platform/tree/may2012-f2f-prototype/samples/css-shaders

Most of our work has been to:

a. prevent rendered content texture access from shaders
b. experiment with shader re-writing to allow the author result of the fragment shader to be combined with the original texture.

You can see multiple examples on github. In particular:

- https://github.com/adobe/web-platform/blob/may2012-f2f-prototype/samples/css-shaders/simple-vertex/shaders/flag.vs

Shows that even without a fragment shader, vertex shaders can be useful.

- http://localhost/vhardy/work/dev/github/adobe/web-platform/samples/css-shaders/varyings/shaders/varyings.fs

Shows how the author result of the shader (css_BlendColor) can be combined in a useful manner with the original texture by applying a multiply blend.

- https://github.com/adobe/web-platform/blob/may2012-f2f-prototype/samples/css-shaders/simple-fragment/shaders/grayscale.fs

Illustrates how the author result of the shader could be combined with the texture as a matrix multiply.

We think this demonstrates that CSS shaders are still very useful even with the proposed security restrictions and that it is possible to have multiple ways of combining the result of the fragment shader with the original texture (the prototype implements two, a multiply blend and a matrix multiply, but more options are possible).

Since the shaders do not have access to the rendered texture, the security issues are reduced to the general issues shared with WebGL (such as denial of service).

Kind regards,
Vincent

Received on Monday, 7 May 2012 15:22:00 UTC