- From: Elad Alon via GitHub <sysbot+gh@w3.org>
- Date: Wed, 05 Jan 2022 23:24:38 +0000
- To: public-webrtc-logs@w3.org
> > We should aim at decoupling as much as possible capturer and capturee through a standard API. > > Capturee can declare regions of interest through an API a la CaptureHandle, with the same origin protection mechanism. > > Capturer would get and use that information from the MediaStreamTrack object itself. > > I'd prefer tight coupling here, otherwise sites could exploit this to protect themselves against capture. E.g. a bank site saying: please capture this nice 8x8 pixel gray element I created, instead of the user's full accounts transactions page. How would `Arbitrary-VC-App` get this crop-ID from `Hypothetical-Bank`? Why would it pay any attention to that message? For the message to be sent and received between two cross-origin documents, there needs to be collaboration and trust. A message is sent from one side, and is picked up by a handler that is explicitly registered by the other side. The receiver would have to trust the sender enough to (i) listen to the message and (ii) act according to the message. This wouldn't just happen between arbitrary documents. Or what am I missing? -- GitHub Notification of comment by eladalon1983 Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/195#issuecomment-1006156357 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 5 January 2022 23:24:40 UTC