1. paulm187's Avatar

    The HTML5 test - How well does your browser support HTML5?

    Two upcoming mobile platforms have arrived on the HTML5 test site and both scored impressive results. HTML5test.com is used as a benchmark to show how specific browsers support HTML5 specifications (tablets, mobile phones, televisions and desktop). Under the development or beta in mobile phones are RIMs BlackBerry 10 and Microsofts Windows Phone 8....

    BlackBerry 10 and Windows Phone 8 show up on HTML 5 test site | MobileSyrup.com
    03-27-2012 02:47 PM
  2. Exomondo's Avatar
    Looks like it's on the right path. Still unfortunate that it isn't supporting WebGL, that could become problematic for the platform. I understand taking a side on the H264 vs WebM side but as far as WebGL goes it's becoming a defacto standard implemented by all other browsers. Sure there is the plugin for it on desktop IE but that leaves WP as the only platform out in the cold on WebGL.
    03-27-2012 05:05 PM
  3. paulm187's Avatar
    Microsoft wont support WebGL in its current form due to security concerns.

    Interesting article on the security issues
    03-27-2012 06:05 PM
  4. Exomondo's Avatar
    Microsoft wont support WebGL in its current form due to security concerns.

    Interesting article on the security issues
    There is some validity to the claims:
    DOS attacks - Much like the hanging javascripts that can freeze your browser this is a valid concern, in fact it's probably the most valid out of the article. But of course extensions are being put in place to avoid it and there is certain baseline validation that the browser could do to avoid it (i believe khronos is doing work with GL extensions to mitigate such things also).

    Kernel-level driver exploit - Whilst there is theoretically potential for this to happen, and it's not limited to web attacks, any malware could do it, yet we have - to my knowledge - never seen any malware using such a technique. It sounds like an ideal target target, 'being able to execute in kernel-space using shaders' but the fact is shader compilers are in userspace and the compiled code is then executed on the GPU, making it a highly uneconomical target. You need the compiler to still compile the program and then for the particular driver you are using to have a bug that you can exploit during shader execution, I'm not saying it can't be done but we've had programmable shaders for well over a decade and so far it hasn't been done - to any effect at least.
    The reality is you'd probably exhaust the search for browser sandbox bugs before you even considered this kind of attack.

    Cross domain image theft - This has been addressed in the spec, cross domain textures are not allowed and use of CORS is recommended if you want to do such things.

    WebGL has been implemented commonly for some time now and we haven't seen any of these issues arise in the real world, not to say they aren't valid concerns but there are plenty of valid concerns for other implemented technologies and we don't just 'not use them'.
    I would suggest MS doesn't want a boatload of programmers getting comfortable with OpenGL concepts and syntax, sure they could translate everything to DirectX behind the scenes but what would be the point of that? Just use OpenGL, but MS won't choose OpenGL over DirectX unless they are absolutely forced to. Progammable shaders have proven to be a fantastic technology, the above concerns are certainly not justification for throwing that flexibility away in favor of inferior HTML technologies.

    Full disclosure: ContextIS was contracted by Microsoft to put that together.
    03-28-2012 06:15 PM

Tags for this Thread