- From: Harald Alvestrand via GitHub <sysbot+gh@w3.org>
- Date: Thu, 11 Aug 2016 16:10:56 +0000
- To: public-media-capture-logs@w3.org
Is there an attack that can be facilitated by "allowusermedia" defaulting to "on" for same-origin iframes? If "yes", I'd want to stick with current language; if "no", I'd be willing to add "with a different origin" in there so that same-origin iframes don't need it. (The case I could think of is where a same-origin iframe is used to include and isolate content from untrusted sites such as ad networks without another level of iframe to isolate it - does this make sense?) -- GitHub Notification of comment by alvestrand Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/268#issuecomment-239209683 using your GitHub account
Received on Thursday, 11 August 2016 16:11:03 UTC