- From: Philip Jägenstedt via GitHub <sysbot+gh@w3.org>
- Date: Fri, 12 Aug 2016 08:36:26 +0000
- To: public-media-capture-logs@w3.org
@alvestrand, I think as long as the condition for when it's not required matches exactly the cases where the iframe could reach out and add the attribute itself, there can be no security issue. So a case where example.com embeds itself in a sandbox would still need to require the `allowusermedia` attribute. The thing is that the change would have to be in HTML's algorithm, and would then apply to `allowfullscreen` as well. I'd be fine with just deferring until an implementer comes along and wants to disable `getUserMedia` in iframes by default, which will flush out all of the other issues. @stefhak, I've filed https://github.com/w3c/permissions/issues/121 to sort out the Permission API wording. -- GitHub Notification of comment by foolip Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/268#issuecomment-239391603 using your GitHub account
Received on Friday, 12 August 2016 08:36:37 UTC