- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Fri, 11 Jun 2021 21:05:31 +0000
- To: public-webrtc-logs@w3.org
This would revisit an existing WG decision. Has new information surfaced since https://github.com/w3c/mediacapture-screen-share/pull/32 to consider it? cc @martinthomson > Such a functionality is easy to add As I recall, this was not among the concerns. The concerns, outlined in the [Security and Privacy Questionnaire](https://github.com/w3c/mediacapture-screen-share/blob/gh-pages/questionnaire.md#24-how-does-this-specification-deal-with-sensitive-information), were the security risks of sharing a web surface under attacker control: that it allows active attacks on the same-origin policy. The only hurdle is socially engineering users to select it. > it doesn't seem to be a huge increase in user risk exposure. This stems partly from Chrome already violating the spec's recommendations by neither implementing elevated permissions for web sources specifically nor warning users about their elevated risk. See [crbug 920752](https://bugs.chromium.org/p/chromium/issues/detail?id=920752) for context. -- GitHub Notification of comment by jan-ivar Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/184#issuecomment-859910693 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 11 June 2021 21:07:18 UTC