简体中文 | English
服務熱線:(852)39995400  (852)68882160
購物車
註冊

用戶登入

×
忘記用戶名
忘記密碼
在線客服

服務熱線

(852)39995400

WhatsApp 微信號

電郵 support@tnet.hk
在線諮詢    

更多聯繫方式

Cross-Domain WebGL Resources Disabled in Chrome.

  • 發佈時間:2011-12-29

  • 瀏覽次數:2082

  •  

     

    Back in May, a consultancy company called Context Information Security has identified several vulnerabilities in the WebGL technology.

     

    One of the issues was the cross-domain theft of images when used as WebGL textures, the company providing a proof-of-concept exploit for this type of attack.

     

    The Khronos Group which develops WebGL, has started to update the specification in order to address the problem, but in the meantime, Mozilla disabled support for cross-domain WebGL textures in Firefox 5.

     

    Google has now followed suit, however it provided an alternative for developers requiring this functionality.

     

    "As a result, Chrome 13 (and Firefox 5) will no longer allow cross-domain media as a WebGL texture. The default behavior will be a DOM_SECURITY_ERR.

     

    "However, applications may still utilize images and videos from another domain with the cooperation of the server hosting the media, otherwise known as CORS," the Chrome developers wrote.

    CORS, short for cross-origin resource sharing, is a mechanism that enables cross-origin requests. This allows webmasters to use cross-origin resources only if the resource owners agree.

     

    A new attribute called .crossOrigin has been implemented in WebKit for MediaElements and can be used to request permission to use a resource.

     

    However, the downside is that the owner of the resource needs to specifically allow its use via CORS and there are already WebGL projects that make use of cross-domain resources.

     

    Google has been working with large media hosting websites like Flickr to enable CORS, but this will take time and some content will likely break in Chrome 13 because of the change.

     

    Microsoft took advantage of these WebGL issues last month in order to dismiss the technology as a security risk. This has attracted criticism from a lot of people who consider that the company is two-faced because the version of Silverlight faces the same fundamental problems.


     

    Register   Your  Domain  Name,  Please  Click   www.eranet.com  

     

     

     

    Todaynic.com internation limited(www.eranet.com)as the icann ,cnnic and hkdnr accredit registrar .

    We have the  lowest price of Domain,$28\year(get 1 GB E-Mail,IDN domain for free). Four Domains  have  lowest  price  in  Hk.  .Com Only USD al9.77\yr, .NET only USD9.77\yr,  .ASIA only USD 24.45\yr, .HK only USD22.63\yr , Economy Host  only  cost $8.00/month,ect.

    More products you would like to purchased,more discount you will get.

    Web:    http://www.eranet.com/

     

     

     

     

     

搜索

Document

產品推薦

    •