On Dec 7, 2011, at 7:23 PM, Vincent Hardy wrote: > Hello, > > @chris > > >> So I take back my statement that CSS Shaders are less dangerous than > >> WebGL. They are more!!! > > It seems to me that the differences are: > > a. It is easier to do the timing portion of a timing attack in WebGL because > it all happens in a script and the timing is precise. With CSS shaders, the > timing is pretty coarse. > > b. The content that a CSS shader has access to may be more sensitive than the > content a WebGL shader has access to because currently, WebGL cannot render > HTML (but isn't it possible to render an SVG with a foreignObject containing > HTML into a 2D canvas, and then use that as a texture? In that case, wouldn't > the risk be the same? Or is the canvas tainted in that case and cannot be > used as a texture?).
Yes, if that were possible (it's not today in WebKit) then WebGL shaders would be even more dangerous because of their more precise timing. ----- ~Chris cmar...@apple.com
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
