webcomponents.github.io | WebComponents.org is where community-members | Web Framework library
kandi X-RAY | webcomponents.github.io Summary
kandi X-RAY | webcomponents.github.io Summary
Deprecated. Please see webcomponents/webcomponents.org. WebComponents.org is a place for web component authors to discuss and share best practices, patterns and learning resources.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of webcomponents.github.io
webcomponents.github.io Key Features
webcomponents.github.io Examples and Code Snippets
Community Discussions
Trending Discussions on webcomponents.github.io
QUESTION
I want to use model-viewer or three.js to showcase some of my 3d models on a personal website. In order to display 3d models on the web, the client needs to fetch the files from the server (the 3d mesh and the texture images)
But I don't want my visitors being able to access any of these files. I hope you can point me in the right direction. Here are some ideas I had, but I don't think they'll work:
(1) Using something like crypto-js to encrypt and decrypt files
- But when decrypting files on the frontend aren't users able to decrypt the files, too?
- The key has to be transferred to the frontend code somehow, doesn't it?
(2) Splitting the files up into little pieces and recomposing them on the client
- Same issue as with #1
- The code for recomposition needs to sit on the client and can be used to access the files
When elaborating on those ideas, I am not quite sure if what I am trying to do is even possible
In case it is impossible... is there anything I can do to make it really hard for users to get access to the files?
...ANSWER
Answered 2019-Sep-06 at 18:08The short answer is: If it is on a website, you don't stand a chance to protect it against a determined person with enough time on their hands. The only exception here was made for video-streams, which can use the 'Encrypted Media Extensions' API to get video to the screen without any parts of the browser being able to interact with raw data.
Whatever you do to protect the files, the code to read them needs to be sent to the browser as well. Eventually, the raw data will be somewhere in the memory of the js-runtime where it can be extracted using the built-in debugger. The same goes for any mechanism to somehow encrypt the code. It makes it more difficult, but not impossible. You could use WebAssembly to make that part of the code even harder to reverse-engineer, but I wouldn't need to do that:
In the end, the data needs to get to the webgl-api, so I could just use a browser-extension to intercept the relevant webgl-calls and obtain all the raw data there. You could go on and also encrypt the vertex-data in a way that can be decoded in the vertex-shader, but guess what: I can read the vertex-shader code as well.
And so the list goes on. There just is just no way to do it that cannot be somehow circumvented. But maybe you make it difficult enough for nobody to bother...
For me the most promising options seem to be:
use LoFi or partial models for rendering in the browser alongside renders of the full-resolution model. I've seen that on several sites for downloading CAD-/3D-models. They used merged models, sometimes reduced vertex-count, low-res textures and so on while providing images of what the final result will look like once I paid for it.
make up your own file-format or hide the file-format used in the network-view of the developer-tools. Google maps/earth for instance does that with their 3d-data (they are probably using something based on protobuf, but it's incredibly hard to reverse-engineer)
and yes, I guess you could also use the WebCrypto-API with a pre-shared secret so it is at least not too obvious which of the files contain the 3d-data.
QUESTION
we are trying to make a custom 3D configurator with AR capabilities, but we found out that model-viewer from google is too limited for our needs, so we are doing it in three.js
To use the AR we analyzed the source code and found out that there is a redirect to this link when clicking the model-viewer button:
intent://googlewebcomponents.github.io/model-viewer/examples/assets/Astronaut.glb?link=https%3A%2F%2Fgooglewebcomponents.github.io%2Fmodel-viewer%2Fexamples%2Faugmented-reality.html&title=A%203D%20model%20of%20an%20astronaut
(taken from the Google's example page)
Out first tests made a warning in the console like "Inaccessible Navigation" silently failing. Do you have an idea on what are we doing wrong?
...ANSWER
Answered 2019-Jul-16 at 15:30The link above was wrong. I inspected the source code and find out that the correct one is built like this:
QUESTION
Polymer uses a Shadow DOM for its components as found at docs.
Im investigating a very basic example of Hello-World in github: https://github.com/webcomponents/hello-world-polymer
Im inspecting the demo and I cant find any shadow-root.
I have worked with Polymer and I have used the shadow-root
before, but why theres no shadow-root
for this component? Because of some optimizations?
ANSWER
Answered 2019-Feb-04 at 09:08There is no shadow-root
because they use the polyfilled Shadow DOM for v0 spec and not the current one supported by the browsers (v1).
The demo you provided was built with Polymer 1 (according to hello-world.html
source code since it uses Polymer()
function and the deprecated HTML imports). Polymer 1 was built on top of Web Components v0 specs (Custom Elements v0, Shadow DOM v0 and HTML Imports) which are now deprecated and replaced by Shadow DOM v1 and Custom Elements v1.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install webcomponents.github.io
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page