- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Wed, 10 Feb 2021 22:56:56 +0000
- To: public-webrtc-logs@w3.org
> Is "media capture extension" this specification? No, it's https://github.com/w3c/mediacapture-extensions, which this issue has not been transferred to at the time of writing. > I propose we close this issue for now. I do worry though that for security reasons, we need to say something about tainting in this spec, since this is where the [model of sources and sinks](https://github.com/w3c/mediacapture-extensions/issues/16#issuecomment-768376766) is established, and we have sources that may taint in https://github.com/w3c/mediacapture-fromelement/issues/83. Otherwise, it falls on every sink defined to not trip over this. We want to avoid another [cr761622](https://crbug.com/761622). At minimum I think we need to say that any spec that defines a _sink_ for `MediaStreamTrack`s MUST protect any cross-origin media in it from being exposed to JS, or failing that, decree that `MediaStreamTrack` _sources_ MUST NOT contain cross-origin media, tainted or otherwise. Leaving individual sources and sinks to coordinate every combination of this seems subpar. -- GitHub Notification of comment by jan-ivar Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/529#issuecomment-777090907 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 10 February 2021 22:56:57 UTC