Re: [mediacapture-screen-share] API for Grabbing a Screenshot (#160)

> If this is the only use-case then the following might suffice:

A similar workaround is discussed in [§ 4.2.1](https://eladalon1983.github.io/mediacapture-screenshot/#workarounds-using-get-display-media) of my proposal. (Section numbering could change over time - I am referring to the section for gDM-based workaround.) I agree that with `getViewportMedia`, that workaround is much improved, but I still think a bespoke API still makes sense - discussed below.

> The security properties don't seem significantly different to me.

When approving `getViewportMedia`, the user would be giving permission to capture an arbitrary number of frames, and each one is handed off to the application before the user has the time to inspect them, let alone modify them. The application might even capture two radically different frames and present only one of them to the user as a way to mislead them.

It would be a shame to "educate" otherwise savvy users, who understand the dangers of approving video-capture of a screen, that "sometimes you simply have to accept video capture."

> we'd want to require site-isolation and html-capture opt-in, just the same, I think

I will defer taking a strong position here until I've had time to discuss the matter with Chrome Security. Until then, I hope I can convince you that this topic is orthogonal to the questions of (1) desirability and (2) shape of the API.

-- 
GitHub Notification of comment by eladalon1983
Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/160#issuecomment-821019688 using your GitHub account



Received on Friday, 16 April 2021 08:40:22 UTC