Re: [mediacapture-screen-share] API for Grabbing a Screenshot (#160)

Let me try to summarize where I think the contention is:
* gVM clearly can be used as a fallback to generate a screenshot (as @jan-ivar described it through a one-liner), and has the benefit of protecting users from hard-to-understand (and likely hard-to-spot) cross-origin attacks. 
* A dedicated getScreenshot API would allow a different UX which lets users review & redact the screenshot to remove information they know is sensitive or simply not relevant to the screenshot (e.g. imagine screenshotting due to a display bug in a teleconferencing app - no need to send the faces of the participants or their chat messages to report the bug in most cases).

The question is thus whether the risks of a cross-origin attack via a dedicated UX (including a redaction step) are sufficiently limited to make it usable without cross-origin isolation. It's a bit hard to know how willing people would be to share screenshots with web sites, but I can easily imagine social engineering based on it.

-- 
GitHub Notification of comment by dontcallmedom
Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/160#issuecomment-824615532 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 22 April 2021 07:37:55 UTC