- From: Dominique Hazael-Massieux via GitHub <sysbot+gh@w3.org>
- Date: Thu, 22 Apr 2021 07:37:52 +0000
- To: public-webrtc-logs@w3.org
let me try to summarize where I think the contention is: * gVM clearly can be used as a fallback to generate a screenshot (as @jan-ivar described it through a one-liner), and has the benefit of protecting users from hard-to-understand (and likely hard-to-spot) cross-origin attacks. * A dedicated getScreenshot API would allow a different UX which lets users review & redact the screenshot to remove information they know are sensitive or simply not relevant to the screenshot (e.g. imagine screenshotting due to a display bug in a teleconferencing app - no need to send the faces of the participants or their chat messages to report the bug in most cases). The question is thus whether the risks of a cross-origin attack via a dedicated UX (including a redaction step) are sufficiently limited to make it usable without cross-origin isolation. It's a bit hard to know how willing people would be share screenshots with web sites, but I can easily imagine social engineering based on it. -- GitHub Notification of comment by dontcallmedom Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/160#issuecomment-824615532 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 22 April 2021 07:37:55 UTC