W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > November 2020

Re: [mediacapture-main] Origin isolation (#529)

From: Martin Thomson via GitHub <sysbot+gh@w3.org>
Date: Fri, 06 Nov 2020 02:57:43 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-722778710-1604631462-sysbot+gh@w3.org>
I think that your notion of tainting isn't sitting right with me.  What happens is that media has an origin and often - but not always - that origin is the same as the page.  If the two are not the same, then the media is unreadable.  This concept exists already for (non-CORS) images and video.  It exists so that media can be obtained, managed, and rendered, while ensuring that cross-origin content cannot be read by pages that show that content.

`canvas.captureStream` fails because the origin-clean status is irrevocable.  That isn't entirely justified, because you could still at least render that content to screen, so failing is probably too hard.  I probably would have had canvas not fail if it weren't for compatibility with existing implementations and the existing functions for accessing canvas content, which fail immediately also.  Of course, content from a non-origin-clean canvas still can't be consumed by anything else, so the utility of such a stream is marginal.

Other sources of media could - at least in theory - change origin and later become readable *to someone*, so they provide a stream.  Take the isolated peerIdentity media as an example: that isn't readable to this page, but it might be readable to `PeerConnection`.  Or video elements, which can change origin as the media can be sourced from different servers over time.

GitHub Notification of comment by martinthomson
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/529#issuecomment-722778710 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 6 November 2020 02:57:45 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:52 UTC