- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Thu, 02 Sep 2021 23:57:40 +0000
- To: public-webrtc-logs@w3.org
@alvestrand and @eladalon1983 suggested some UX mitigations this morning that might let us move forward here. The spec could strongly recommend that user agents: 1. Remove the requesting tab from the list of available `"browser"` sources, or hide/warn/discourage picking it. 2. Remove the requesting tab's window from the list of available `"window"` sources, or hide/warn/discourage picking it. This would by no means be a catch-all — same-origin documents may lurk in other tabs and tabs' BFCache — but should preserve the social engineering obstacle to basic click-through [active attacks](https://blog.mozilla.org/webrtc/share-browser-windows-entire-screen-sites-trust/). Self-capture use cases typically don't want a picker anyway, and will be best served by `getViewportMedia` https://github.com/w3c/mediacapture-screen-share/issues/155. -- GitHub Notification of comment by jan-ivar Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/184#issuecomment-912139174 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 2 September 2021 23:57:42 UTC