Page 1 of 1

WebGL Flaw

PostPosted: Tue May 10, 2011 11:21 am
by kiwi
http://www.contextis.co.uk/resources/blog/webgl/

can you add an option to disable WebGL or to block cross-domain request?

Thanks!

Re: WebGL Flaw

PostPosted: Tue May 10, 2011 2:53 pm
by Giorgio Maone
It's not trivial, since they're seen as normal cross-site image loads.

However, the attack requires JavaScript enabled on the attacker's site, so NoScript already protects against it.

Re: WebGL Flaw

PostPosted: Sat May 14, 2011 1:23 pm
by therube
WebGL & Security

> The blacklist can be deployed daily without a full software update so we can respond rapidly to any issues.

Wonder that might entail as far as the numbers, upkeep, ...