On 2012-04-14 9:57 PM, Lucas Adamski wrote:
On Apr 13, 2012, at 8:20 PM, Zack Weinberg wrote:
On 2012-04-13 6:37 PM, Adrienne Porter Felt wrote:
I'm trying to brainstorm a new way to fit trusted UI into the
user's normal flow that would enable preview modification,
without throwing up a standard dialog. If anyone buys my case
that we need such a thing, suggestions for how to get around the
preview problem would be awesome. :)
The API could let the app apply arbitrary WebGL operations to the
feed from the camera, but not allow the result to go anywhere but
the screen until the user hits the button.
I won't pretend to know WebGL enough to understand its full
capabilities, but is it feasible to apply such effects to images
without being able to read the data?
Shader programs are Turing-complete and run in a sandbox with exactly
the security properties we need here. I'm pretty sure all of the
examples you gave can be done under the constraint I described.
I do know a use case that won't fit into this paradigm: Photosynth (
http://itunes.apple.com/us/app/photosynth/id430065256?mt=8 ) lets you
construct a panoramic image simply by waving your phone around. It
automatically positions photos on a virtual sphere based on orientation
sensor data plus image analysis, and automatically takes photos to fill
in gaps. The image analysis here could (in principle) be done in a
shader, but taking additional photos at appropriate times based on the
analysis can't.
But we have an alternative ready-to-hand, without falling back to
permissions dialogs: video recording mode. If
WebGL-preview-until-user-authorizes-still isn't good enough, ask for
permission to record video; that gives access to the raw video stream
(until the user presses the button again) and an API to take stills
whenever you want.
zw
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
