HTML and CSS Reference
In-Depth Information
NOTE
Access the different canvas image filters at HTML5 Rocks at
http://www.html5rocks.com/en/tutori-
WEBGL, VIDEO, AND SECURITY CONCERNS
You might be asking yourself whether there's a 3D context for the
canvas
element. Well, there is:
WebGL.
WebGL is an open source effort managed by the non-profit Khronos Group. It's based on the OpenGL
ES 2.0 specification, and has support in Chrome, Firefox, and development releases of Safari and
Opera.
WebGL is capable of integrating video into its three-dimensional effects. However, recent security
concerns about WebGL has led to recommendations from Context Information Security LTD and the
United States Computer Emergency Readiness Team (US-CERT) to not use WebGL and that people
disable WebGL support in their browsers.
One of the security issues was directly related to the ability to use a
canvas
element that contains
content (image or video) from a domain other than the domain hosting the application, as a WebGL
texture. As a workaround, a new attribute (
crossorigin
) was added to the
video
and
audio
ele-
ments, as well as the
img
element. This attribute basically enables (or disables) the use of a cross-
domain image or video file in WebGL textures, unless the appropriate communication between the
browser and the remote web server occurs, through the concept of Cross-Origin Resource Sharing (or
CORS for short).
The
crossorigin
attribute does not fix the problem that originated the security concern, but sand-
boxes it as a way of hopefully limiting the damage that could be generated by a security breach. It's a
very recent addition to the HTML5 specification that's currently being debated, and may not survive
to the final recommended version of HTML5.
You can find more on WebGL security concerns related to the
canvas
element (and HTML video) at
http://www.contextis.com/resources/blog/webgl/
,
and more on WebGL at
http://www.khronos.org/
.
