WebGL
Encyclopedia
WebGL is a software library that extends the capability of the JavaScript
programming language to allow it to generate interactive 3D graphics within any compatible web browser
. WebGL code executes on a computer display card's Graphics Processing Unit
(GPU), which must support shader
rendering.
WebGL is a context of the canvas HTML element that provides a 3D computer graphics API
without the use of plug-ins. The specification was released as version 1.0 on March 3, 2011. WebGL is managed by the non-profit
Khronos Group
.
and provides an API for 3D graphics. It uses the HTML5 canvas element and is accessed using Document Object Model
interfaces. Automatic memory management
is provided as part of the JavaScript
language.
technology consortium
Khronos Group
. The WebGL working group
includes Apple, Google
, Mozilla
, and Opera
. The chair of the working group is Ken Russell.
at Mozilla
. Vukićević first demonstrated a Canvas 3D prototype in 2006. By the end of 2007, both Mozilla and Opera had made their own separate implementations.
In early 2009 Mozilla and Khronos started the WebGL Working Group. Version 1.0 of the WebGL specification was released March 2011. WebGL was postulated to have critical security vulnerabilities in May 2011, which would allow denial of service and cross scripting attacks.
Notable early applications include Google Body
.
Later, based on this report, the United States Computer Emergency Readiness Team
(US-CERT) issued a warning that "WebGL contains multiple significant security issues. The impact of these issues includes arbitrary code execution, denial of service, and cross-domain attacks." US-CERT also encouraged "users and administrators to review the Context report and disable WebGL to help mitigate the risks."
The Khronos Group
, an API design consortium which includes Mozilla and Google, responded to the concern by suggesting possible solutions and a future development approach. After reviewing the Context report, Mozilla decided to disable support for cross-domain images in Firefox; meanwhile, the Khronos Group has been updating the WebGL specification to enhance protection against denial-of-service and cross-origin resource sharing attacks. At this time, the proposed solutions are still in development, and not ubiquitously deployed by GPU vendors.
Context was not satisfied with the Khronos Group's approach of incrementally fixing WebGL and described the method as not addressing the design flaw. In a follow-up report, Context provided more demonstrations of security vulnerabilities in the latest WebGL implementations on multiple platforms. Symptoms ranged from system crashing to screenshot leaking. They continued to question whether WebGL "was specified, designed and implemented with security in mind".
In June 2011, Microsoft announced that they could not endorse WebGL in its current form from a security perspective. Analysis performed by its MSRC Engineering team concluded that WebGL support in Microsoft products would have difficulty in meeting the requirements of the Security Development Lifecycle, the software security standards internally enforced in Microsoft. Specifically, Microsoft cited overly permissive exposure of hardware functionality, heavy reliance on third parties to secure web experience, and unproven denial-of-service protection capabilities as their key concerns.
Apple has indicated that they will not open WebGL to general Internet pages in iOS 5. WebGL will only be available through iAds which needs to go through approval for each implementation by Apple.
Notable independent graphic and security experts have weighed in reinforcing that WebGL is a severe security risk and will be hard to secure, including John Carmack
and Dan Kaminsky
.
Mozilla's vice president of technical strategy Mark Shaver rejected Microsoft's criticism. In a blog post, he wrote that Mozilla was working to address issues in the WebGL specification and Firefox's implementation. He emphasized that the web needs 3D capabilities and claimed that security issues are a natural part of a new technology. He commended Microsoft's work on the Direct3D
API used in Silverlight 5, which he considered robust, but added that the same technology could be carried over to a Microsoft implementation of WebGL.
, C3DL, Copperlicht, SpiderGL, PhiloGL, gwt-g3d – G3D (WebGL wrapper) for GWT (Google Web Toolkit), SceneJS, X3DOM, Oak3D
, Processing.js
, Three.js, Turbulenz, OSGJS, XB PointStream and CubicVR.js.
or Autodesk Maya. The scenes are then exported to WebGL. This was first possible with Inka3D, a WebGL export plugin for Maya.
JavaScript
JavaScript is a prototype-based scripting language that is dynamic, weakly typed and has first-class functions. It is a multi-paradigm language, supporting object-oriented, imperative, and functional programming styles....
programming language to allow it to generate interactive 3D graphics within any compatible web browser
Web browser
A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content...
. WebGL code executes on a computer display card's Graphics Processing Unit
Graphics processing unit
A graphics processing unit or GPU is a specialized circuit designed to rapidly manipulate and alter memory in such a way so as to accelerate the building of images in a frame buffer intended for output to a display...
(GPU), which must support shader
Shader
In the field of computer graphics, a shader is a computer program that is used primarily to calculate rendering effects on graphics hardware with a high degree of flexibility...
rendering.
WebGL is a context of the canvas HTML element that provides a 3D computer graphics API
Application programming interface
An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...
without the use of plug-ins. The specification was released as version 1.0 on March 3, 2011. WebGL is managed by the non-profit
Non-profit organization
Nonprofit organization is neither a legal nor technical definition but generally refers to an organization that uses surplus revenues to achieve its goals, rather than distributing them as profit or dividends...
Khronos Group
Khronos Group
The Khronos Group is a not-for-profit member-funded industry consortium based in Beaverton, Oregon, focused on the creation of open standard, royalty-free APIs to enable the authoring and accelerated playback of dynamic media on a wide variety of platforms and devices...
.
Design
WebGL is based on OpenGL ES 2.0OpenGL ES
OpenGL for Embedded Systems is a subset of the OpenGL 3D graphics application programming interface designed for embedded systems such as mobile phones, PDAs, and video game consoles. OpenGL ES is managed by the not-for-profit technology consortium, the Khronos Group, Inc.- Versions :Several...
and provides an API for 3D graphics. It uses the HTML5 canvas element and is accessed using Document Object Model
Document Object Model
The Document Object Model is a cross-platform and language-independent convention for representing and interacting with objects in HTML, XHTML and XML documents. Aspects of the DOM may be addressed and manipulated within the syntax of the programming language in use...
interfaces. Automatic memory management
Garbage collection (computer science)
In computer science, garbage collection is a form of automatic memory management. The garbage collector, or just collector, attempts to reclaim garbage, or memory occupied by objects that are no longer in use by the program...
is provided as part of the JavaScript
JavaScript
JavaScript is a prototype-based scripting language that is dynamic, weakly typed and has first-class functions. It is a multi-paradigm language, supporting object-oriented, imperative, and functional programming styles....
language.
Desktop Browsers
- Mozilla FirefoxMozilla FirefoxMozilla Firefox is a free and open source web browser descended from the Mozilla Application Suite and managed by Mozilla Corporation. , Firefox is the second most widely used browser, with approximately 25% of worldwide usage share of web browsers...
- WebGL has been enabled on all platforms that have a capable graphics card with updated drivers since version 4.0. - Google ChromeGoogle ChromeGoogle Chrome is a web browser developed by Google that uses the WebKit layout engine. It was first released as a beta version for Microsoft Windows on September 2, 2008, and the public stable release was on December 11, 2008. The name is derived from the graphical user interface frame, or...
- WebGL has been enabled on all platforms that have a capable graphics card with updated drivers since version 9. - SafariSafari (web browser)Safari is a web browser developed by Apple Inc. and included with the Mac OS X and iOS operating systems. First released as a public beta on January 7, 2003 on the company's Mac OS X operating system, it became Apple's default browser beginning with Mac OS X v10.3 "Panther". Safari is also the...
- Safari 5.1 installed on Mac OS X LionMac OS X LionMac OS X Lion is the eighth and current major release of Mac OS X, Apple's desktop and server operating system for Macintosh computers....
has support for WebGL, which is disabled by default. - OperaOpera (web browser)Opera is a web browser and Internet suite developed by Opera Software with over 200 million users worldwide. The browser handles common Internet-related tasks such as displaying web sites, sending and receiving e-mail messages, managing contacts, chatting on IRC, downloading files via BitTorrent,...
- WebGL has been implemented by Opera in the latest Opera 12 pre-release snapshots. - Internet ExplorerInternet ExplorerWindows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...
- Microsoft has not announced any plans to officially support WebGL. The Chrome Frame and IEWebGL plugins provide options to add support for WebGL to Internet Explorer.
Mobile Browsers
- Nokia N900Nokia N900The Nokia N900 is a smartphone made by Nokia. It supersedes the Nokia N810. Its default operating system, Maemo 5, is a Linux-based OS originally developed for the Nokia 770 Internet Tablet. It is the first Nokia device based upon the Texas Instruments OMAP3 microprocessor with the ARM Cortex-A8...
- WebGL is available in the PR1.2 firmware update. - BlackBerry PlayBookBlackBerry PlayBookThe BlackBerry PlayBook is a tablet computer by Research In Motion , best known for the BlackBerry smartphone. It competes against Apple's iPad and a slew of Android-powered tablets....
- WebGL is available via WebWorks in PlayBook OS 2.0 - Firefox for mobile - WebGL is available for Android devices in unstable builds since early 2011.
- The Sony Ericsson Xperia range of Android smartphones have had WebGL capabilities following a firmware upgrade.
Development
WebGL is managed by the non-profitNon-profit organization
Nonprofit organization is neither a legal nor technical definition but generally refers to an organization that uses surplus revenues to achieve its goals, rather than distributing them as profit or dividends...
technology consortium
Consortium
A consortium is an association of two or more individuals, companies, organizations or governments with the objective of participating in a common activity or pooling their resources for achieving a common goal....
Khronos Group
Khronos Group
The Khronos Group is a not-for-profit member-funded industry consortium based in Beaverton, Oregon, focused on the creation of open standard, royalty-free APIs to enable the authoring and accelerated playback of dynamic media on a wide variety of platforms and devices...
. The WebGL working group
Working group
A working group is an interdisciplinary collaboration of researchers working on new research activities that would be difficult to develop under traditional funding mechanisms . The lifespan of the WG can last anywhere between a few months and several years...
includes Apple, Google
Google
Google Inc. is an American multinational public corporation invested in Internet search, cloud computing, and advertising technologies. Google hosts and develops a number of Internet-based services and products, and generates profit primarily from advertising through its AdWords program...
, Mozilla
Mozilla Foundation
The Mozilla Foundation is a non-profit organization that exists to support and provide leadership for the open source Mozilla project. The organization sets the policies that govern development, operates key infrastructure and controls trademarks and other intellectual property...
, and Opera
Opera Software
Opera Software ASA is a Norwegian software company, primarily known for its Opera family of web browsers with over 220 million users worldwide. Opera Software is also involved in promoting Web standards through participation in the W3C. The company has its headquarters in Oslo, Norway and is...
. The chair of the working group is Ken Russell.
History
WebGL grew out of the Canvas 3D experiments started by Vladimir VukićevićVladimir Vukićević
Vladimir Vukićević, born April 29, 1979, is an American-Serbian software engineer who has worked on many open source projects. He is known mostly for his work on open source graphics libraries, including those used in the Mozilla project....
at Mozilla
Mozilla Foundation
The Mozilla Foundation is a non-profit organization that exists to support and provide leadership for the open source Mozilla project. The organization sets the policies that govern development, operates key infrastructure and controls trademarks and other intellectual property...
. Vukićević first demonstrated a Canvas 3D prototype in 2006. By the end of 2007, both Mozilla and Opera had made their own separate implementations.
In early 2009 Mozilla and Khronos started the WebGL Working Group. Version 1.0 of the WebGL specification was released March 2011. WebGL was postulated to have critical security vulnerabilities in May 2011, which would allow denial of service and cross scripting attacks.
Notable early applications include Google Body
Google Body
Google Body was a web application that presents 3D anatomical models of the human body. Several layers from muscle tissues down to blood vessels can be made transparent to allow better study of individual body parts. Most of the body parts are labeled....
.
Tutorials
There are tutorials for WebGL at the Mozilla Developer Network and Learning WebGL.Security
In May 2011, security firm Context Information Security published a report that elaborated on a number of security issues present in current Google Chrome and Mozilla Firefox WebGL implementations and inherent to the WebGL specification. According to the report, WebGL fundamentally allows Turing-complete programs originating from the Internet to reach kernel-mode graphics drivers and graphics hardware. The report also provided references to example exploits of the security issues capable of causing denial of service and cross-domain image theft. The report concluded that "browsers that enable WebGL by default put their users at risk to these issues."Later, based on this report, the United States Computer Emergency Readiness Team
United States Computer Emergency Readiness Team
The United States Computer Emergency Readiness Team is part of the National Cyber Security Division of the United States' Department of Homeland Security....
(US-CERT) issued a warning that "WebGL contains multiple significant security issues. The impact of these issues includes arbitrary code execution, denial of service, and cross-domain attacks." US-CERT also encouraged "users and administrators to review the Context report and disable WebGL to help mitigate the risks."
The Khronos Group
Khronos Group
The Khronos Group is a not-for-profit member-funded industry consortium based in Beaverton, Oregon, focused on the creation of open standard, royalty-free APIs to enable the authoring and accelerated playback of dynamic media on a wide variety of platforms and devices...
, an API design consortium which includes Mozilla and Google, responded to the concern by suggesting possible solutions and a future development approach. After reviewing the Context report, Mozilla decided to disable support for cross-domain images in Firefox; meanwhile, the Khronos Group has been updating the WebGL specification to enhance protection against denial-of-service and cross-origin resource sharing attacks. At this time, the proposed solutions are still in development, and not ubiquitously deployed by GPU vendors.
Context was not satisfied with the Khronos Group's approach of incrementally fixing WebGL and described the method as not addressing the design flaw. In a follow-up report, Context provided more demonstrations of security vulnerabilities in the latest WebGL implementations on multiple platforms. Symptoms ranged from system crashing to screenshot leaking. They continued to question whether WebGL "was specified, designed and implemented with security in mind".
In June 2011, Microsoft announced that they could not endorse WebGL in its current form from a security perspective. Analysis performed by its MSRC Engineering team concluded that WebGL support in Microsoft products would have difficulty in meeting the requirements of the Security Development Lifecycle, the software security standards internally enforced in Microsoft. Specifically, Microsoft cited overly permissive exposure of hardware functionality, heavy reliance on third parties to secure web experience, and unproven denial-of-service protection capabilities as their key concerns.
Apple has indicated that they will not open WebGL to general Internet pages in iOS 5. WebGL will only be available through iAds which needs to go through approval for each implementation by Apple.
Notable independent graphic and security experts have weighed in reinforcing that WebGL is a severe security risk and will be hard to secure, including John Carmack
John Carmack
John D. Carmack II is an American game programmer and the co-founder of id Software. Carmack was the lead programmer of the id computer games Commander Keen, Wolfenstein 3D, Doom, Quake, Rage and their sequels....
and Dan Kaminsky
Dan Kaminsky
Dan Kaminsky is an American security researcher. He formerly worked for Cisco, Avaya, and IOActive, where he was the Director of Penetration Testing...
.
Mozilla's vice president of technical strategy Mark Shaver rejected Microsoft's criticism. In a blog post, he wrote that Mozilla was working to address issues in the WebGL specification and Firefox's implementation. He emphasized that the web needs 3D capabilities and claimed that security issues are a natural part of a new technology. He commended Microsoft's work on the Direct3D
Direct3D
Direct3D is part of Microsoft's DirectX application programming interface . Direct3D is available for Microsoft Windows operating systems , and for other platforms through the open source software Wine. It is the base for the graphics API on the Xbox and Xbox 360 console systems...
API used in Silverlight 5, which he considered robust, but added that the same technology could be carried over to a Microsoft implementation of WebGL.
Developer libraries
There are several libraries for WebGL development. The WebGLU library was the first to be made publicly available. Other libraries incorporating WebGL include GLGEGLGE (programming library)
GLGE is a programming library for use with WebGL and JavaScript.GLGE is a JavaScript library intended to ease the use of WebGL; which is basically a native browser JavaScript API giving direct access to OpenGL ES 2, allowing for the use of hardware accelerated 2D/3D applications without having to...
, C3DL, Copperlicht, SpiderGL, PhiloGL, gwt-g3d – G3D (WebGL wrapper) for GWT (Google Web Toolkit), SceneJS, X3DOM, Oak3D
Oak3D
- General Informaition :Oak3D is a free JavaScript library for 3D graphics development based on the HTML5 WebGL standard, dedicated in realizing the Web3D applications with GPU acceleration for all the front-end developers in an easy and efficient way....
, Processing.js
Processing.js
Processing.js is a JavaScript port of Processing, a programming language designed to write visualizations, images, and interactive content. It allows web browsers to display animations, visual applications, games and other graphical rich content without the need for a Java applet or Flash...
, Three.js, Turbulenz, OSGJS, XB PointStream and CubicVR.js.
Content creation
A way for artists to create WebGL scenes without programming is to use a content creation tool such as BlenderBlender (software)
Blender is a free and open-source 3D computer graphics software product used for creating animated films, visual effects, interactive 3D applications or video games. The current release version is 2.60, and was released on October 19, 2011...
or Autodesk Maya. The scenes are then exported to WebGL. This was first possible with Inka3D, a WebGL export plugin for Maya.
External links
- WebGL Preview
- www.DoesMyBrowserSupportWebGL.com
- WebGL Demo from Google Chromium
- WebGL Demo from Google Chromium (old site)
- EndlessForms.com See the power of WebGL by comparing this site (where you can evolve objects) in Chrome and Safari.
- Sand Toy: Particle Physics An example of doing particle physics on the GPU using a shader.