WebGL is facing a tough future, at least the foreseeable one, now that Microsoft has officially come out and said that it won't be supporting WebGL in Internet Explorer, citing security concerns as the main reason behind this.
Microsoft exemplified this through a number of third-party reports that showed flaws and potential vulnerabilities in WebGL, both at the standard level as well in the actual browser implementations.
The latest is a flaw in Firefox which could enable attackers to retrieve any image used in the browser by getting users to visit a specially-designed website. This flaw will be fixed in Firefox 5, coming a few days from now.
Microsoft explains its main grips with the 3D graphics standard
and concludes that, at least for now, WebGL is too insecure for its standards and that it won't be using it.
"We believe that WebGL will likely become an ongoing source of hard-to-fix vulnerabilities. In its current form, WebGL is not a technology Microsoft can endorse from a security perspective," Microsoft said in a blot post
titled "WebGL Considered Harmful."
"We recognize the need to provide solutions in this space however it is our goal that all such solutions are secure by design, secure by default, and secure in deployment," it added.
Whether WebGL is actually insecure or not is debatable. Clearly, there is still work to be done on the technology and anything that digs this deep into an operating system, in this case by working with the actual video card drivers, is going to pose a risk, especially since drivers are not built with security in mind.
Considering how many bugs video drivers have in general and how unreliable they have proven, there shouldn't be any problems in finding vulnerabilities in them. But those problems lie more with the drivers than with WebGL.
There is another angle to this, WebGL competes, in a way with its own 3D graphics API DirectX, which is a lot more popular on Windows than OpenGL, WebGL's sister standard developed by the same Khronos Group.
That said, Google, Mozilla, Opera and Apple are all supporting WebGL in their browsers, to varying degrees. And the standard has the support of big hardware industry players, Nvidia and AMD among them.
So WebGL is not going anywhere any time soon. It will give developers a tougher time though, considering that the world's most popular browser won't include WebGL for the time being.