- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 3 Sep 2013 14:20:44 +0100
- To: "Robert O'Callahan" <robert@ocallahan.org>
- Cc: Stefan HÃ¥kansson LK <stefan.lk.hakansson@ericsson.com>, Dominique Hazael-Massieux <dom@w3.org>, "public-webapps@w3.org" <public-webapps@w3.org>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On Tue, Sep 3, 2013 at 2:01 PM, Robert O'Callahan <robert@ocallahan.org> wrote: > Yes. For example there are plans to enable some kind of "private mode" for > WebRTC MediaStreams that protects stream contents from inspection by the > page. I don't know exactly how this is going to work, but if we allow > MediaStreams to span domains it may get more complicated. This scenario sounds very different from the one you outline next. > More concretely, > in Gecko we have experimental code to pipe HTML media element output into > MediaStreams, so we already tag MediaStream data with origin information, > but it's implemented in such a way that getUserMedia from one domain would > be restricted in another domain (the other domain could render it in a media > element, but it would be treated as cross-origin and thus would taint > canvases it's drawn into, for example). It's not clear why if as a page I decide to share the MediaStream object I would not want all of that to be shared as I could share all of that regardless, it'd just require more hoops to jump through. > I think it may make sense to provide cross-origin MediaStream transfer at > some point in the future, but I think we have more important things to work > on first. Again, what I'm trying to understand is why we have origin ties in the first place. So far no objects carry origin information in this regard. -- http://annevankesteren.nl/
Received on Tuesday, 3 September 2013 13:21:14 UTC