- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Sat, 21 Feb 2015 22:08:54 +1300
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Dominique Hazael-Massieux <dom@w3.org>, "public-media-capture@w3.org" <public-media-capture@w3.org>

On 21 February 2015 at 20:52, Anne van Kesteren <annevk@annevk.nl> wrote:
> I skimmed through this, but it seems CanvasCaptureMediaStream has a
> security bug. There's only a security check done upon generating the
> object, but not afterwards. And actually, reading further it seems a
> similar issue is applicable to the media elements as "[c]hanges in the
> media element source do not cause the stream to terminate".

Thanks for picking that up. In discussion, the conclusion was that streams would not end, but they would not capture any content (i.e., video tracks would start to capture black, and audio streams would capture silence).

That, however, was a conclusion made for <video>/<audio>. <canvas> doesn't easily become origin-clean after receiving cross-origin content (though in theory, it can). We could decide to reconsider that decision.

Opened: https://github.com/w3c/mediacapture-fromelement/issues/7

Received on Saturday, 21 February 2015 09:09:21 UTC
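
An added example, not part of the original message or of the specification: a simplified JavaScript model of the gap discussed above, comparing an origin-clean check made only when the stream is generated with one repeated on every frame. `ModelCanvas`, `captureOnce` and `captureChecked` are hypothetical names, the pixel values are constructed, and applying the black-frame behaviour to canvas is an assumption made for illustration.

```javascript
// Simplified model, not browser code. All names here are hypothetical.
const BLACK = 0x000000;

class ModelCanvas {
  constructor() {
    this.originClean = true; // models the canvas origin-clean flag
    this.pixel = BLACK;      // one pixel stands in for the whole bitmap
  }
  // Drawing cross-origin content clears the origin-clean flag.
  draw(pixel, sameOrigin) {
    this.pixel = pixel;
    if (!sameOrigin) this.originClean = false;
  }
}

// Check only when the stream is generated: the gap raised in the thread.
function captureOnce(canvas) {
  if (!canvas.originClean) throw new Error("SecurityError");
  return { nextFrame: () => canvas.pixel };
}

// Re-check on every frame: the stream does not end, but a source that is
// no longer origin-clean yields black frames instead of its content.
function captureChecked(canvas) {
  if (!canvas.originClean) throw new Error("SecurityError");
  return { nextFrame: () => (canvas.originClean ? canvas.pixel : BLACK) };
}

// Run the same sequence against both variants: same-origin draw, start
// capture, read a frame, cross-origin draw, read another frame.
function demo() {
  const results = {};
  for (const [name, capture] of [["once", captureOnce], ["checked", captureChecked]]) {
    const canvas = new ModelCanvas();
    canvas.draw(0x00ff00, true);   // constructed same-origin pixel
    const stream = capture(canvas);
    const before = stream.nextFrame();
    canvas.draw(0xff0000, false);  // constructed cross-origin pixel
    results[name] = { before, after: stream.nextFrame() };
  }
  return results;
}

console.log(demo());
```
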