Cross-Domain WebGL Resources Disabled in Chrome.
發佈時間:2011-12-29
-
瀏覽次數:2082次
Back in May, a consultancy company called Context Information Security has identified several vulnerabilities in the WebGL technology.
One of the issues was the cross-domain theft of images when used as WebGL textures, the company providing a proof-of-concept exploit for this type of attack.
The Khronos Group which develops WebGL, has started to update the specification in order to address the problem, but in the meantime, Mozilla disabled support for cross-domain WebGL textures in Firefox 5.
Google has now followed suit, however it provided an alternative for developers requiring this functionality.
"As a result, Chrome 13 (and Firefox 5) will no longer allow cross-domain media as a WebGL texture. The default behavior will be a DOM_SECURITY_ERR.
"However, applications may still utilize images and videos from another domain with the cooperation of the server hosting the media, otherwise known as CORS," the Chrome developers wrote.
CORS, short for cross-origin resource sharing, is a mechanism that enables cross-origin requests. This allows webmasters to use cross-origin resources only if the resource owners agree.
A new attribute called .crossOrigin has been implemented in WebKit for MediaElements and can be used to request permission to use a resource.
However, the downside is that the owner of the resource needs to specifically allow its use via CORS and there are already WebGL projects that make use of cross-domain resources.
Google has been working with large media hosting websites like Flickr to enable CORS, but this will take time and some content will likely break in Chrome 13 because of the change.
Microsoft took advantage of these WebGL issues last month in order to dismiss the technology as a security risk. This has attracted criticism from a lot of people who consider that the company is two-faced because the version of Silverlight faces the same fundamental problems.
Register Your Domain Name, Please Click www.eranet.com
Todaynic.com internation limited(www.eranet.com)as the icann ,cnnic and hkdnr accredit registrar .
We have the lowest price of Domain,$28\year(get 1 GB E-Mail,IDN domain for free). Four Domains have lowest price in Hk. .Com Only USD al9.77\yr, .NET only USD9.77\yr, .ASIA only USD 24.45\yr, .HK only USD22.63\yr , Economy Host only cost $8.00/month,ect.
More products you would like to purchased,more discount you will get.
搜索