W3C home > Mailing lists > Public > public-media-capture-logs@w3.org > December 2015

Re: [mediacapture-main] Iframe sandboxing options for gUM

From: Adam Bergkvist via GitHub <sysbot+gh@w3.org>
Date: Thu, 03 Dec 2015 10:08:40 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issue_comment.created-161580134-1449137319-sysbot+gh@w3.org>
>>Seems that people who use the sandbox attribute would care about 
restricting the capabilities of the iframe, so would be happy (?) to 
see usermedia starting out as default off, while people who don't use 
it would perhaps want the default (with no sandbox attribute) to be 
the status quo - that it's allowed on. Would that be the best of all 
possible worlds?

>I think making getUserMedia (and likely, WebRTC) disabled by default 
and reenabled by opt-in in a sandboxed iframe would make sense. But I 
don't think it's sufficient or a "best of all possible" solution.

>From @alvestrand's description above about people that use the sandbox
 attribute and those who don't, is seems that the following would fit.

* no sandbox attribute: enabled (works as before)
* sandbox attribute without "allow-usermedia": disabled
* sandbox attribute with "allow-usermedia": enabled


-- 
GitHub Notification of comment by adam-be
Please view or discuss this issue at 
https://github.com/w3c/mediacapture-main/issues/268#issuecomment-161580134
 using your GitHub account
Received on Thursday, 3 December 2015 10:08:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:27:28 UTC