W3C home > Mailing lists > Public > public-media-capture@w3.org > March 2012

Re: PROPOSAL: Simple image capture API

From: Anant Narayanan <anant@mozilla.com>
Date: Wed, 14 Mar 2012 16:45:23 -0700
Message-Id: <7F09B52F-0577-45C9-9BB1-01A45DC9362E@mozilla.com>
To: public-media-capture@w3.org
On Mar 13, 2012, at 12:28 PM, Travis Leithead wrote:
> Note, there is no way to programmatically invoke the file picker API 
> (<input type=file>) primarily due to security reasons; you don't want
> an attacker to pop that UI up having pre-configured it. Also, such a 
> programmatic method lacks context. Most browsers added "popup blockers" 
> because this type of programming was really annoying users :-)
> Note, browsers will allow "popups" when a user-action started the process 
> under some circumstances (which assumes that there is context for the action).
> Programmatically activating the browser's camera UI via an API seems 
> like a bad idea for similar reasons. I can see that this could be useful
> in a more trusted environment (like an app), but for an untrusted environment
> in a browser, I wouldn't endorse this approach.

That's a good point. Enforcing a check to see if the API call was made as a result of user action adds unnecessary complexity to the implementation.

> If you really need an API, input.click() is not what you want. What you _really_
> want is:
> input.onfilesavailable = function(e) { /* get the Files from e.target.files */ }
> Then just direct the user (via UI) to click on the input element, take a picture, and your 
> code swoops in to process the File objects if you wish.

Ah, indeed. This is a good recommendation to make for web developers who want to get a picture without dealing with media streams.

Received on Wednesday, 14 March 2012 23:45:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:09 UTC