Re: [mediacapture-region] What makes CropTarget special to require an asynchronous creation? (#17)

> If `CropTarget()` is vulnerable to resource exhaustion attacks wouldn't that imply that`CropTarget()' could fail (e.g. due to lack of resources)?  

Causality runs the other way: Letting CropTargets fail allows for implementations vulnerable to exhaustion attacks. Not doing so, doesn't.

A sensible implementation should be invulnerable to resource exhaustion attacks, by simply not tying resources to a token so easily created by anyone.

> Moving some or all resource allocation to `CropTo()` could result in the resource allocation arising later (in `CropTo()` instead of `CropTarget()`).  So depending on where the resource allocation is done, couldn't either or both of `CropTarget()` and `cropTo()` fail,  for similar reasons? 

What resource allocation is needed? A sensible `cropTo` implementation can use IPC to find the element it's supposed to crop to without consuming any finite resources. Also, `cropTo` is behind `getDisplayMedia` permission.

Chrome has implemented a neat but premature optimization, and refuse to implement the fallback needed to hide the resource exhaustion they’ve exposed themselves to.

I don't find the idea that creating a `{}` crop target will ever take appreciable time convincing.

GitHub Notification of comment by jan-ivar
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Tuesday, 5 July 2022 21:17:35 UTC