MozillaWiki

Platform/GFX/2011-May-9: Difference between revisions

Page Discussion

Platform/GFX/2011-May-9 (view source)

Revision as of 18:23, 9 May 2011

14 bytes added ,  9 May 2011
no edit summary
No edit summary
No edit summary
Line 9: Line 9:
** Need to fix INVALID_FRAMEBUFFER_OPERATION error then run reftests.
** Need to fix INVALID_FRAMEBUFFER_OPERATION error then run reftests.
* WebGL cross-domain image theft vulnerability (bjacob, jrmuizel)
* WebGL cross-domain image theft vulnerability (bjacob, jrmuizel)
** proof of concept: http://www.contextis.co.uk/resources/blog/webgl/
** proof of concept: http://www.contextis.co.uk/resources/blog/webgl/poc/index.html
** Best option at the moment seems to be to forbid loading textures from cross-domain images without CORS approval.
** Best option at the moment seems to be to forbid loading textures from cross-domain images without CORS approval.
** Must block usage of a canvas 2D context as proxy to work around this security measure.
** Must block usage of a canvas 2D context as proxy to work around this security measure.
Bjacob
Confirmed users
753

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/306531"