Re: [filter-effects] shader security model

On Mar 6, 2013, at 10:44 AM, L. David Baron <> wrote:

> [ +public-fx ]
> On Wednesday 2013-03-06 10:22 -0800, Dirk Schulze wrote:
>> During the conference call today issues were raised about security problems with shaders. I would like to summarize the security discussions that we had so far and explain how we addressed these issues. For the complete discussion take a look at [1].
> I probably shouldn't have concentrated as much on the security
> issue; my broader point is that the shaders part of the
> specification has less consensus than the rest of the specification,
> and is far more in an experimental state, and should thus be in a
> separate document.

Thanks for your reply David. There are still a lot of things that we need to resolve on the other filter primitives for Filter Effects and that will take some time. I am less concerned about possible open issues on shaders at this point. Some of the issues on the initial Filter Effect draft are:

- unbound filter regions
- stdDeviation values on feGaussianBlur and feDropShadow
- subregions clipping input or output of a primitive
- child | child-selector
- clarifications on premultiplied to non-premultiplied input
- clarifications on color-interpolation-filters

(and partly have been on the FXTF agenda for the last call).

I wanted to resolve on a new working draft not only because of the changes to custom filters, but more because of a lot of clarifications for the other filter primitives and shorthand filters. At this point I do not see shaders blocking the standardization process of the whole spec. Should people still be concerned about the implementation status of shaders later in the process, we can put shaders on the risk list before going to CR. It may go into the next level of Filter Effects at this point.

Do you disagree with this strategy?


> -David
> -- 
> 𝄞   L. David Baron                  𝄂
> 𝄢   Mozilla                    𝄂

Received on Wednesday, 6 March 2013 19:05:24 UTC