[x3d-public] Hyperlink and form support

Albert Jan Wonnink awonnink at hotmail.com
Mon Dec 17 15:58:52 PST 2018


Hi Leonard,

I agree that the security issue considerations within 3D will be really important to address. Currently in 2D we can know to trust a site only because there is a part of the browser window that cannot be written (and thereby faked) by HTML showing us the domain and certificate info. Most VR/AR glasses nowadays do not have something that can be used for this, as far as I know.

To address this for the time being, I think it would not be too difficult to allow 2D sites to opt in or opt out for use within 3D environments in general, or to be used only within the given domain, by using some tag in the header.
I can also imagine some browser switch, which you can set to go into 'shopping mode', thereby disallowing cross origin content throughout the 2D and 3D parts.

My feeling is that the JavaScript security issue could be handled in a more or less similar way as current 2D browsers already do for different tabs and windows, keeping the JavaScript strictly sandboxed within the domain the part is showing (even for screen grabbing). And also resources can maybe be handled in a similar way as is currently the case for 2D. But probably one will also need a notion of the 'active' window that can be chosen, if only for text input.

I would regret it if indeed your first scenario (showing multiple domain content) would be disallowed. It greatly reduces the possibilities within the 3D browser. It would be better to tackle the security issues in another way, and only apply restrictions when really necessary.


Albert Jan
