- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Tue, 13 Apr 2021 13:55:50 +0000
- To: public-webrtc-logs@w3.org
> In a scenario when a website can initiate webRTC screen sharing, it is reasonable if this website would want to limit screen sharing only to its own FQDN. > ... their support agents will only see the website contents. They do not want their support agents to accidentally see anything else - neither the full screen of the end user, nor other browser tabs with potentially sensitive information. Ability to limit screen sharing to 'self' or same origin tabs would help. I interpret OP as being satisfied by limiting capture to sites under the capturer's control, which seems satisfied by web-integrated capture in https://github.com/w3c/mediacapture-screen-share/issues/155. If the concern is based around avoiding exposing sensitive information, then relying on *getDisplayMedia* could backfire. E.g. employees may have ~homepages on FQDNs. Browsers have no good way to discern a site wanting to protect its users from its employees, versus a malicious site guiding users to a sensitive-data-rendering attack page. -- GitHub Notification of comment by jan-ivar Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/143#issuecomment-818756183 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 13 April 2021 13:55:52 UTC