On 2016-01-04 3:54 PM, Xidorn Quan wrote: > On Tue, Jan 5, 2016 at 8:46 AM, Kearwood "Kip" Gilbert > <kgilb...@mozilla.com> wrote: >> Hello All, >> >> In WebVR, we often present UI as a Head's Up Display (HUD) that floats >> in front of the user. Additionally, we often wish to show 2d graphics, >> video, and CSS animations as a texture in 3d scenes. Creating these >> textures is something that CSS and HTML are great at. >> >> Unfortunately, I am not aware of an easy and efficient way to capture an >> animated of an interactive HTML Element and bring it into the WebGL >> context. A "moz-element" -like API would be useful here. > Is it possible to access pixels' color inside the texture? If yes, > please mind the privacy issue around :visited selector on links, as > users' history would be leaked via either painting link directly, or > painting an element using -moz-element(#a-link-element) as background. Thanks Xidorn!
The proposed WEBGL_security_sensitive_resources extension describes how we could ensure that content does not read pixels from buffers that were rendered with security sensitive textures. If we don't implement read-only buffers with WEBGL_security_sensitive_resources, would it be sufficient to render content styled without the :visited selector and not allow cross-origin content? Are there some other security concerns I may have missed? Cheers, - Kip > > More information can be found in [1] and also [2]. > > [1] > https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector > [2] > https://developer.mozilla.org/en-US/docs/Web/API/Canvas_API/Drawing_DOM_objects_into_a_canvas#Security > > - Xidorn _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
