Microsoft declares WebGL 'harmful' to security

  • so if you start making a project in HTML5, you won't be able to choose a different runtime/exporter later?

    You will be able to change exporters with existing projects. Going from Canvas to a WebGL exporter should be totally seamless, because WebGL supports all of Canvas' features and more, but going the other way would need some work on your project.

    Someone from Mozilla responded to Microsoft's remarks today:

    http://shaver.off.net/diary/2011/06/17/ ... -platform/

    In short, they seem to say: adding new features always exposes new components to possible attack - WebGL is nothing special, and it can be made robust against attacks over time anyway. (Also, they point out D3D support is in Silverlight so would have the same security problems in theory!)

    I'm more convinced Microsoft are just reluctant to support OpenGL.

  • Some guy noted this on Sonic Retro...

    [quote:1nx9ku0f]They're just taking advantage of some guy who said that WebGL wasn't sandboxed so it could be used to break out of the browser. Problem: GLSL shaders are always provided as a script*, so they're always sandboxed. I can't say the same about Direct3D (which always provided platform-independent binary shaders).

    On the other hand, what is possible is trying to read what may be on screen by swapping the buffer and reading the undefined contents that were there. This doesn't work for all drivers though (sometimes you truly get garbage, and it definitely doesn't work when the buffer is in a window), and Direct3D is also affected by this (or anything using shaders, for that matter). If Microsoft comes up with WebD3D and they claim it to be secure, they're being hypocrite.

    *OpenGL 4 provies binary shaders, but they have to be built on the machine they're running on, making them quite pointless... They're only useful as part of an installer, really. And this isn't even part of the WebGL spec...

    Basically, I'm convinced that Microsoft are reluctant to support OpenGL/WebGL and want to find any possible excuse to avoid doing so. That, and they want to stop Silverlight from dying out. Seriously, who actually uses Silverlight?

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • That, and they want to stop Silverlight from dying out. Seriously, who actually uses Silverlight?

    Netflix does, unfortunately . And Netflix is HUGE.

  • Adobe want to keep Flash alive and Microsoft want to keep Silverlight alive - they'll probably coexist with HTML5 for a couple of years (while declining) before the web catches up and makes them redundant.

  • Just updated to Firefox 5 and the release notes say they've fixed the more obvious security issues around WebGL.

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)