On 2016-01-04 4:54 PM, Robert O'Callahan wrote:
> On Tue, Jan 5, 2016 at 1:18 PM, Jonas Sicking <jo...@sicking.cc> wrote:
>
>> A big problem with sticking HTML/CSS content into WebGL is that WebGL
>> effectively enables reading pixel data through custom shaders and
>> timing attacks.
>>
> If you read
> https://www.khronos.org/registry/webgl/extensions/WEBGL_security_sensitive_resources/
> carefully I think it's designed to prevent timing attacks by forbidding
> shader control flow from depending on security-sensitive texture data.
>
> It's hard for me to judge how implementable it is, but in principle it
> should be doable. It requires analysis of shader code.
>
> Rob

Another vector to read back content is the depth buffer, glQueries, and use of the discard instruction. WEBGL_security_sensitive_resources prevents writing to the depth buffer when binding a security sensitive texture.
If it is not feasible to prevent variation in timing or to otherwise prevent content from determining the content of the texture, perhaps another approach would be to require all elements to be sanitized before capturing their textures. For example, :visited styles should not be evaluated and cross-origin content should not be allowed.

- Kip

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
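The shader-code analysis Rob refers to, extended to the depth-buffer and discard vectors Kip mentions, as an added illustration that is not code from this thread, from Mozilla or from the Khronos extension; `analyzeShader`, its regexes and the sample shader are assumptions of the illustration, not anything the extension specifies:

```javascript
// Added illustration, not Mozilla or Khronos code: a toy line-based taint check in the
// spirit of WEBGL_security_sensitive_resources. Texture fetches are the sensitive source;
// branches, discards and depth writes depending on them (directly or via a tainted
// variable) are reported. Assumes one simple GLSL statement per line, not a real parser.
const FETCH_RE = /\b(texture2D|textureCube|texture)\s*\(/;
const ASSIGN_RE = /^\s*(?:[A-Za-z]\w*\s+)?([A-Za-z_]\w*)\s*=\s*([^;]+);/;
const BRANCH_RE = /\b(if|while|for)\s*\((.*)\)/;
const idents = (expr) => expr.match(/[A-Za-z_]\w*/g) || [];

function analyzeShader(src) {
  const tainted = new Set();  // variables derived from texture data
  const blocks = [];          // per open '{': is this block conditional on texture data?
  const findings = [];
  const inTaintedBranch = () => blocks.some(Boolean);
  const dependsOnTexel = (e) => FETCH_RE.test(e) || idents(e).some((id) => tainted.has(id));
  src.split("\n").forEach((line, i) => {
    const no = i + 1;
    const branch = line.match(BRANCH_RE);
    const assign = line.match(ASSIGN_RE);
    let condTainted = false, elseTainted = false;
    if (branch) {
      condTainted = dependsOnTexel(branch[2]);
      if (condTainted) findings.push(`line ${no}: ${branch[1]} depends on sensitive texel`);
    } else if (assign) {
      const [, lhs, rhs] = assign;
      const dep = dependsOnTexel(rhs) || inTaintedBranch();  // explicit or implicit flow
      if (lhs === "gl_FragDepth" && dep) findings.push(`line ${no}: depth write depends on sensitive texel`);
      else if (dep) tainted.add(lhs);
    } else if (/\bdiscard\b/.test(line) && inTaintedBranch()) {
      findings.push(`line ${no}: discard depends on sensitive texel`);
    }
    for (const ch of line) {  // track block nesting; "} else {" inherits the if's taint
      if (ch === "}") elseTainted = blocks.pop() === true && /\belse\b/.test(line);
      else if (ch === "{") blocks.push(condTainted || elseTainted || inTaintedBranch());
    }
  });
  return findings;
}

// Constructed sample fragment shader exercising all three vectors from the thread.
const SAMPLE_SHADER = `void main() {
  vec4 c = texture2D(uTex, vUv);
  float lum = c.r * 0.3;
  if (lum > 0.5) {
    discard;
  }
  gl_FragDepth = lum;
  gl_FragColor = c;
}`;
console.log(analyzeShader(SAMPLE_SHADER));
```

Values assigned inside a tainted branch are themselves treated as tainted, so later depth writes or branches on them are still caught even though no texture fetch appears on that line.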