pub struct WEBGL_security_sensitive_resources(_);
Expand description
Extension
In the WebGL API 1.0 specification, section 4.2 Origin Restrictions restricts the following sources for texture upload:
- An image or video element whose origin is not the same as the origin of the Document that contains the WebGLRenderingContext’s canvas element.
- A canvas element whose origin-clean flag is set to false.
This extension allows these sources for texture uploads, with some restrictions regarding their uploading and use.
Motivation:
This extension enables the processing of cross-origin resources in WebGL. Additionally, it defines a foundation of concepts that can be used in future extensions to process other types of security sensitive content, including arbitrary HTML content.
For an example of security sensitive content, consider the rendering of an HTML link. The color of the link can indicate its visited or unvisited state. Third parties must not be able to access or infer this information.
Specifically, third parties must not be able read the pixel data of security sensitive content through WebGL or other APIs. Additionally, third parties must not be able to divulge or approximate the pixel data of security sensitive content by timing WebGL operations.
Prior to this extension, WebGL restricted the upload of security sensitive content as a texture for graphical processing. This extension enables the uploading and processing of security sensitive content, with some restrictions. Note that this extension imposes no restrictions on the processing of regular, non-security sensitive content.
To secure a user’s privacy, a WebGL implementation must not leak information about the contents of security sensitive textures through the execution time of its commands. To achieve this, no part of the underlying graphics pipeline may vary in execution time based on the contents of a security sensitive texture. For example, primitive assembly and depth testing must not vary based on the contents of a security sensitive texture.
The vertex shading and fragment shading stages of the graphics pipeline require particular restrictions to keep their execution time independent of the contents of security sensitive textures. Specifically, the contents of a security sensitive texture must only appear in constant-time GLSL operations. A constant-time GLSL operation is an operation whose execution time does not vary based on the values of its operands. This extension will describe how a WebGL implementation can enforce this requirement.
Additionally, this extension attempts to identify non-constant-time GLSL operations. All other GLSL operations are assumed to be constant time in both the WebGL implementation and the underlying GPU implementation. If this assumption is false on a particular implementation, then this extension must be disabled for that implementation. In the future, GPU vendors may be able to provide a mechanism to guarantee that the assumed GLSL operations are in fact constant-time. Definitions
This extension relies on the definition of several constructs in GLSL. These constructs are determined statically, after preprocessing. Regular Sampler Variables and Secure Sampler Variables
S is a regular sampler if an expression dependent on S appears in one or more of the following constructs:
- if statement condition
- selection operator (?) condition
- loop condition
- logical and operator (&&)
- logical or operator (||)
- coord, bias, or lod argument in a texture lookup function call
- assignment to gl_Position
- assignment to gl_FragDepth
Otherwise, S is a secure sampler. Sampler-Dependent Expressions
An expression is dependent on the sampler S if:
- It contains a texture lookup function call with S as the sampler argument.
- It contains an expression that is dependent on the sampler S.
- It contains a variable that is dependent on the sampler S.
Sampler-Dependent Variables
A variable is dependent on the sampler S if:
- It is assigned to an expression dependent on the sampler S. (e.g. If a = b and b is dependent on sampler S, then a is dependent on sampler S.)
- It is addressed using a sampler-dependent expression in an assignment. (e.g. If a[b] = c and b is dependent on the sampler S, then a is dependent on sampler S.)
- It is a fragment shader varying and the corresponding vertex shader varying is dependent on the sampler S.
A WebGL implementation can create a dependency graph in its GLSL compiler to implement these GLSL constructs. One closely related implementation is described in a wiki page. Features The WebGLRenderingContext’s canvas’s origin-clean flag is set to false if the context is created with a WebGLContextAttributes dictionary with securitySensitiveDrawingBuffer set to true.
Implementations
sourceimpl WEBGL_security_sensitive_resources
impl WEBGL_security_sensitive_resources
sourcepub fn create_security_sensitive_framebuffer(&self) -> Option<WebGLFramebuffer>
pub fn create_security_sensitive_framebuffer(&self) -> Option<WebGLFramebuffer>
Behaves like createFramebuffer, except framebuffers created with this function are referred to as security sensitive framebuffers. Framebuffers created with createFramebuffer are referred to as regular framebuffers.
sourcepub fn create_security_sensitive_texture(&self) -> Option<WebGLTexture>
pub fn create_security_sensitive_texture(&self) -> Option<WebGLTexture>
Behaves like createTexture, except textures created with this function are known as security sensitive textures. Textures created with createTexture are known as regular textures.
Trait Implementations
sourceimpl Clone for WEBGL_security_sensitive_resources
impl Clone for WEBGL_security_sensitive_resources
sourcefn clone(&self) -> WEBGL_security_sensitive_resources
fn clone(&self) -> WEBGL_security_sensitive_resources
1.0.0 · sourcefn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresourceimpl From<WEBGL_security_sensitive_resources> for Reference
impl From<WEBGL_security_sensitive_resources> for Reference
sourcefn from(value: WEBGL_security_sensitive_resources) -> Self
fn from(value: WEBGL_security_sensitive_resources) -> Self
sourceimpl InstanceOf for WEBGL_security_sensitive_resources
impl InstanceOf for WEBGL_security_sensitive_resources
sourcefn instance_of(_reference: &Reference) -> bool
fn instance_of(_reference: &Reference) -> bool
Self
.