W3C home > Mailing lists > Public > public-media-capture@w3.org > December 2015

Re: Issue #268: Iframe sandboxing options for gUM

From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
Date: Fri, 4 Dec 2015 07:02:39 +0000
To: Martin Thomson <martin.thomson@gmail.com>, Adam Bergkvist <adam.bergkvist@ericsson.com>
CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <1447FA0C20ED5147A1AA0EF02890A64B373FE45E@ESESSMB209.ericsson.se>
On 04/12/15 06:04, Martin Thomson wrote:
> The options would seem to be:
>
> 1. do nothing
> 2. add an allow-usermedia label to the sandbox attribute, which would
> block gUM calls if sandboxing was enabled, but leave it enabled
> otherwise
> 3. add a disallow-usermedia label to the sandbox attribute, which
> would block gUM calls only if the attribute and label were present
> 4. disable gUM by default and require the use of a new allow-usermedia
> attribute to enable it
>
> Note that 3 is quite irregular in that the sandbox attribute only has
> "allow-x" labels currently.
>
> I think that 2 is simplest.  It's least disruptive to existing uses,
> while giving sites a way to prevent misuse.  However, 4 is the most
> privacy-preserving and I can see a fairly good argument for it.

This is where I end up too. It would be good to know many apps would 
break by going with 4. If very few, 4 seems most compelling to me, but 
if not 2 seems like the logical path.

>
> Of course, choosing option 2 is easier if we choose option 4 for issue
> #267 (i.e., we key permissions on both top-level and iframe origin).

I agree.

>
> On 3 December 2015 at 22:26, Adam Bergkvist <adam.bergkvist@ericsson.com> wrote:
>> Hi
>>
>> To make the discussion is this issue [1] more visible we move it to the
>> list.
>>
>> [1] https://github.com/w3c/mediacapture-main/issues/268
>>
>
>
Received on Friday, 4 December 2015 07:03:12 UTC

This archive was generated by hypermail 2.3.1 : Friday, 4 December 2015 07:03:13 UTC