Re: [mediacapture-screen-share] API for Grabbing a Screenshot (#160) from Jan-Ivar Bruaroey via GitHub on 2021-04-16 (public-webrtc-logs@w3.org from April 2021)

From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
Date: Fri, 16 Apr 2021 22:53:22 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-821686240-1618613600-sysbot+gh@w3.org>

> if your position happens to be "I would support this if we just add the requirements of isolation and opt-in," then I would be gratified to hear that explicitly. If that's the case, I think we can set to work on nailing down all of the other details, and leave this one particular topic for later.

As I [stated](https://github.com/w3c/mediacapture-screen-share/issues/160#issuecomment-821562028), *getViewportMedia* seems sufficient to me for this use case. Any benefits of an API that goes even further, while they may be real, seem marginal from where we are today, so I'd suggest we revisit that value proposition once we have *getViewportMedia*.

Since we haven't ironed out COOP+COEP+html-capture yet, I'd like to solidify implementer buy-in around *getViewportMedia* first, so we don't miss that crucial step. That seems to be the hard part that's going to require effort and focus next.

Once we have that investment in place, it seems appropriate to entertain the various new APIs such buy-in enables, without any risk of API shapes ending up implemented with a subset of the necessary requirements.

> The user agent SHOULD inspect the DOM and return a rejected promise if suspicious behavior is detected. Some examples of suspicious behavior include:
> 
>   * An overlaid cross-origin iframe at an opacity that's likely to escape the user's notice.
>   * An overlaid cross-origin iframe displayed inside the viewport using a suspicious size in a way that the user agent suspected might be intended to escape the user's notice.

Thanks for this level of detail! — Unfortunately, I don't think "suspicious behavior" is normatively implementable in a web compatible way. Also, it's probably premature to review PRs for something we haven't achieved rough consensus on. We normally try to arrive at rough consensus before requiring or diving into this level of detail. That said, with site-isolation and opt-in in place, I'm not overly worried about cross-origin iframes, I think.

-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/160#issuecomment-821686240 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 16 April 2021 22:53:24 UTC