Struct ugli_webgl::WEBGL_security_sensitive_resources

pub struct WEBGL_security_sensitive_resources(_);

Extension

In the WebGL API 1.0 specification, section 4.2 Origin Restrictions restricts the following sources for texture upload:

• An image or video element whose origin is not the same as the origin of the Document that contains the WebGLRenderingContext's canvas element.
• A canvas element whose origin-clean flag is set to false.

This extension allows these sources for texture uploads, with some restrictions regarding their uploading and use.

Motivation:

This extension enables the processing of cross-origin resources in WebGL. Additionally, it defines a foundation of concepts that can be used in future extensions to process other types of security sensitive content, including arbitrary HTML content.

For an example of security sensitive content, consider the rendering of an HTML link. The color of the link can indicate its visited or unvisited state. Third parties must not be able to access or infer this information.

Specifically, third parties must not be able read the pixel data of security sensitive content through WebGL or other APIs. Additionally, third parties must not be able to divulge or approximate the pixel data of security sensitive content by timing WebGL operations.

Prior to this extension, WebGL restricted the upload of security sensitive content as a texture for graphical processing. This extension enables the uploading and processing of security sensitive content, with some restrictions. Note that this extension imposes no restrictions on the processing of regular, non-security sensitive content.

To secure a user’s privacy, a WebGL implementation must not leak information about the contents of security sensitive textures through the execution time of its commands. To achieve this, no part of the underlying graphics pipeline may vary in execution time based on the contents of a security sensitive texture. For example, primitive assembly and depth testing must not vary based on the contents of a security sensitive texture.

The vertex shading and fragment shading stages of the graphics pipeline require particular restrictions to keep their execution time independent of the contents of security sensitive textures. Specifically, the contents of a security sensitive texture must only appear in constant-time GLSL operations. A constant-time GLSL operation is an operation whose execution time does not vary based on the values of its operands. This extension will describe how a WebGL implementation can enforce this requirement.

Additionally, this extension attempts to identify non-constant-time GLSL operations. All other GLSL operations are assumed to be constant time in both the WebGL implementation and the underlying GPU implementation. If this assumption is false on a particular implementation, then this extension must be disabled for that implementation. In the future, GPU vendors may be able to provide a mechanism to guarantee that the assumed GLSL operations are in fact constant-time. Definitions

This extension relies on the definition of several constructs in GLSL. These constructs are determined statically, after preprocessing. Regular Sampler Variables and Secure Sampler Variables

S is a regular sampler if an expression dependent on S appears in one or more of the following constructs:

• if statement condition
• selection operator (?) condition
• loop condition
• logical and operator (&&)
• logical or operator (||)
• coord, bias, or lod argument in a texture lookup function call
• assignment to gl_Position
• assignment to gl_FragDepth

Otherwise, S is a secure sampler. Sampler-Dependent Expressions

An expression is dependent on the sampler S if:

• It contains a texture lookup function call with S as the sampler argument.
• It contains an expression that is dependent on the sampler S.
• It contains a variable that is dependent on the sampler S.

Sampler-Dependent Variables

A variable is dependent on the sampler S if:

• It is assigned to an expression dependent on the sampler S. (e.g. If a = b and b is dependent on sampler S, then a is dependent on sampler S.)
• It is addressed using a sampler-dependent expression in an assignment. (e.g. If a[b] = c and b is dependent on the sampler S, then a is dependent on sampler S.)
• It is a fragment shader varying and the corresponding vertex shader varying is dependent on the sampler S.

A WebGL implementation can create a dependency graph in its GLSL compiler to implement these GLSL constructs. One closely related implementation is described in a wiki page. Features The WebGLRenderingContext's canvas's origin-clean flag is set to false if the context is created with a WebGLContextAttributes dictionary with securitySensitiveDrawingBuffer set to true.

Methods

impl WEBGL_security_sensitive_resources

pub fn create_security_sensitive_framebuffer(&self) -> Option<WebGLFramebuffer>

Behaves like createFramebuffer, except framebuffers created with this function are referred to as security sensitive framebuffers. Framebuffers created with createFramebuffer are referred to as regular framebuffers.

pub fn create_security_sensitive_texture(&self) -> Option<WebGLTexture>

Behaves like createTexture, except textures created with this function are known as security sensitive textures. Textures created with createTexture are known as regular textures.

Trait Implementations

impl AsRef<Reference> for WEBGL_security_sensitive_resources

fn as_ref(&self) -> &Reference

Performs the conversion.

impl Clone for WEBGL_security_sensitive_resources

fn clone(&self) -> WEBGL_security_sensitive_resources

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for WEBGL_security_sensitive_resources

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl Extension for WEBGL_security_sensitive_resources

const NAME: &'static str

impl From<WEBGL_security_sensitive_resources> for Reference

fn from(value: WEBGL_security_sensitive_resources) -> Self

Performs the conversion.

impl InstanceOf for WEBGL_security_sensitive_resources

fn instance_of(_reference: &Reference) -> bool

Checks whenever a given Reference if of type Self.

impl JsSerialize for WEBGL_security_sensitive_resources

impl JsSerializeOwned for WEBGL_security_sensitive_resources

fn into_js_owned<'_a>(value: &'_a mut Option<Self>) -> SerializedValue<'_a>

impl<'_r> JsSerializeOwned for &'_r WEBGL_security_sensitive_resources

fn into_js_owned<'_a>(value: &'_a mut Option<Self>) -> SerializedValue<'_a>

impl ReferenceType for WEBGL_security_sensitive_resources

unsafe fn from_reference_unchecked(reference: Reference) -> Self

Converts a given reference into a concrete reference-like wrapper. Doesn't do any type checking; highly unsafe to use!

impl<'_r> TryFrom<&'_r Reference> for WEBGL_security_sensitive_resources

type Error = ConversionError

The type returned in the event of a conversion error.

fn try_from(reference: &Reference) -> Result<Self, Self::Error>

Performs the conversion.

impl<'_r> TryFrom<&'_r Value> for WEBGL_security_sensitive_resources

type Error = ConversionError

The type returned in the event of a conversion error.

fn try_from(value: &Value) -> Result<Self, Self::Error>

Performs the conversion.

impl TryFrom<Reference> for WEBGL_security_sensitive_resources

type Error = ConversionError

The type returned in the event of a conversion error.

fn try_from(reference: Reference) -> Result<Self, Self::Error>

Performs the conversion.

impl TryFrom<Value> for WEBGL_security_sensitive_resources

type Error = ConversionError

The type returned in the event of a conversion error.

fn try_from(value: Value) -> Result<Self, Self::Error>

Performs the conversion.

impl TryFrom<WEBGL_security_sensitive_resources> for Reference

type Error = Void

The type returned in the event of a conversion error.

fn try_from(
    value: WEBGL_security_sensitive_resources
) -> Result<Self, Self::Error>

Performs the conversion.