W3C home > Mailing lists > Public > public-media-capture-logs@w3.org > December 2017

Re: [mediacapture-fromelement] Address information leak of :visited styles and disclosure of shadow DOM contents

From: arturjanc via GitHub <sysbot+gh@w3.org>
Date: Mon, 11 Dec 2017 14:14:53 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issue_comment.created-350735701-1513001692-sysbot+gh@w3.org>
> I'm not quite certain about the mechanics of this issue. Could you clarify?

If a `<video>` element contains a `<track kind="subtitles">` and that subtitle track adds a subtitle with HTML markup, would the `MediaStream` returned by `captureStream()` on the video element include the text of the subtitles?

If yes, and if the subtitle markup contained a link (which, again, I'm not sure if current implementations support), would the color of the link inside the MediaStream correspond to the actual color the user sees, or to the color reported by `LinkElement.style.color` (which maybe be purposefully different than what the user sees to prevent the `:visited` infoleak)?

Basically, my concern is that because browsers prevent scripts from obtaining some information about what the page actually looks like (e.g. the real color with which a link is rendered), then an API which returned a MediaStream of the pixels displayed on the user's screen as a result of rendering a DOM element (e.g. `<video>`) might need to take this into account and prevent the exposure of such information.

It's definitely possible that I'm misunderstanding the API though, so if it's not susceptible to this problem, it would be good to know, and possibly make this explicit in the spec.

GitHub Notification of comment by arturjanc
Please view or discuss this issue at https://github.com/w3c/mediacapture-fromelement/issues/69#issuecomment-350735701 using your GitHub account
Received on Monday, 11 December 2017 14:14:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:27:33 UTC