Re: [mediacapture-main] Origin isolation (#529)

> Is "media capture extension" this specification?

No, it's, which this issue has not been transferred to at the time of writing.

> I propose we close this issue for now.

I do worry though that for security reasons, we need to say something about tainting in this spec, since this is where the [model of sources and sinks]( is established, and we have sources that may taint in Otherwise, it falls on every sink defined to not trip over this. We want to avoid another [cr761622](

At minimum I think we need to say that any spec that defines a _sink_ for `MediaStreamTrack`s MUST protect any cross-origin media in it from being exposed to JS, or failing that, decree that `MediaStreamTrack` _sources_ MUST NOT contain cross-origin media, tainted or otherwise. Leaving individual sources and sinks to coordinate every combination of this seems subpar.

GitHub Notification of comment by jan-ivar
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Wednesday, 10 February 2021 22:56:57 UTC