Re: [mediacapture-region] Should generation of CropTarget from elements be able to fail? (#48)

We've already agreed to discuss bulletpoint 2 in not here, so let's stick to that. Input type validation is irrelevant here. This issue is about failing *generation* due to resource allocation, as described in PR, from which this issue was opened.

> Creating a `{}` crop target should not fail, because it would be premature to allocate cropping resources at this point

Allowing random JS in would-be-captured documents to exhaust cropping resources seems highly problematic:
- It's [action at a distance](, allowing JS libraries unrelated to cropping to DoS attack cropping without user permission
- Defeating cropping may expose user information in unsuspecting poorly-written apps, creating a privacy footgun
- Resource allocation this early is inherently unnecessary, a gamble, a premature optimization to avoid IPC in cropTo

DoS is easily avoided by simply doing IPC and resource allocation in cropTo. With that baseline, any earlier resource allocation is purely UA optimization, whose cost and complexity should be contained to said UA, within the existing API.

GitHub Notification of comment by jan-ivar
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Monday, 13 June 2022 20:08:33 UTC