Re: [mediacapture-screen-share] Avoid Hall-of-Mirrors (#209)

> Obfuscation is great. But it won't eliminate the need for `excludeCurrentTab`

Obfuscation is solving Hall-Of-Mirrors, which the issue is about.
I do not think we should do `excludeCurrentTab` with Hall-Of-Mirrors as the main motivation.
If `excludeCurrentTab` has other benefits, that is fine, let's file a dedicated issue about this idea and detail all its potential benefits and drawbacks.

> 1. What will an application that expects anything-but-current-tab (on Chrome) do when it gets current-tab-but-obfuscated (on Safari)?

Applications will need to deal with this even with `excludeCurrentTab`, say if selecting a window or screen.
Or are you saying `excludeCurrentTab` would forbid user selection of some surfaces? That would be a big change of doctrine.

With regards to security analysis, I think the current tab is a somewhat safer surface than other tabs controlled by the attacker: other tabs can be navigated while being captured, the current tab can only navigate iframes.

GitHub Notification of comment by youennf
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Tuesday, 8 March 2022 08:35:44 UTC