Re: [mediacapture-region] Why expose produceCropTarget at MediaDevices level? (#11) from Elad Alon via GitHub on 2022-05-06 (public-webrtc-logs@w3.org from May 2022)

From: Elad Alon via GitHub <sysbot+gh@w3.org>
Date: Fri, 06 May 2022 16:26:34 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-1119790283-1651854359-sysbot+gh@w3.org>

> JS can already post element ids between contexts, and is not up for question here

First, Element IDs are guessable.

Second, developers do not necessarily wish to expose the Element ID. (And randomizing an ID goes against the spirit of simplifying things for them.)

Third, that Element IDs and other strings **can** be posted in a message is not the issue.

Introducing an API that operate on a cross-document X, compels Web developers to post X cross-document. This is done with the implicit assumption that X can only be used cross-document for a specific set of mechanisms. An X that is generic **by design** is inherently suspect. A Web developer cannot safely post that, for they do not know what they are effectively permitting one year down the line. Note that it is NOT necessary for the future API be abusive or defective in any way; see further below.

It does not matter if X is a "weak reference" or "element.id + source" or anything else. If it is generic, it acts as a permission-token to allow remote execution of unknown type.

As a concrete albeit absurd example, what if a future mechanism is introduced, that allows a document to set `hidden = true` on a weak-ref? Did the Web developer posting X intend to give other documents permission to toggle that state? No. And why should a developer posting X in the future, wishing to permit toggling `hidden`, also effectively allow cropping? Did they intent that? No.

One may protest that my example is too absurd. Good! I'd welcome that. I'd then remind that, **despite my repeated requests, no hypothetical future mechanism was presented, that would benefit of this generic cross-document-identification mechanism**. So let's please examine such a concrete example. Barring that, I call the wisdom of this discussion into question.

Fourth, this discussion sweeps under the rug our long-running disagreement over produceCropTarget() being asynchronous.

--
GitHub Notification of comment by eladalon1983
Please view or discuss this issue at https://github.com/w3c/mediacapture-region/issues/11#issuecomment-1119790283 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 6 May 2022 16:26:35 UTC