On Tue, Jan 5, 2016 at 1:18 PM, Jonas Sicking <jo...@sicking.cc> wrote:
> A big problem is sticking HTML/CSS content into WebGL is that WebGL > effectively enables reading pixel data through custom shaders and > timing attacks. > If you read https://www.khronos.org/registry/webgl/extensions/WEBGL_security_sensitive_resources/ carefully I think it's designed to prevent timing attacks by forbidding shader control flow from depending on security-sensitive texture data. It's hard for me to judge how implementable it is, but in principle it should be doable. It requires analysis of shader code. Rob -- lbir ye,ea yer.tnietoehr rdn rdsme,anea lurpr edna e hnysnenh hhe uresyf toD selthor stor edna siewaoeodm or v sstvr esBa kbvted,t rdsme,aoreseoouoto o l euetiuruewFa kbn e hnystoivateweh uresyf tulsa rehr rdm or rnea lurpr .a war hsrer holsa rodvted,t nenh hneireseoouot.tniesiewaoeivatewt sstvr esn _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
