- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Mon, 13 Jun 2022 20:08:31 +0000
- To: public-webrtc-logs@w3.org
We've already agreed to discuss bulletpoint 2 in https://github.com/w3c/mediacapture-region/issues/55 not here, so let's stick to that. Input type validation is irrelevant here. This issue is about failing *generation* due to resource allocation, as described in PR https://github.com/w3c/mediacapture-region/pull/47, from which this issue was opened.

> Creating a `{}` crop target should not fail, because it would be premature to allocate cropping resources at this point

Allowing random JS in would-be-captured documents to exhaust cropping resources seems highly problematic:

- It's [action at a distance](https://en.wikipedia.org/wiki/Action_at_a_distance_%28computer_programming%29), allowing JS libraries unrelated to cropping to DoS attack cropping without user permission
- Defeating cropping may expose user information in unsuspecting poorly-written apps, creating a privacy footgun
- Resource allocation this early is inherently unnecessary, a gamble, a premature optimization to avoid IPC in cropTo

DoS is easily avoided by simply doing IPC and resource allocation in cropTo. With that baseline, any earlier resource allocation is purely UA optimization, whose cost and complexity should be contained to said UA, within the existing API.

--
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-region/issues/48#issuecomment-1154379528 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 13 June 2022 20:08:33 UTC