Re: [mediacapture-screen-share] Beef up privacy and security section with regards to the various risks related to the different surfaces (#211)

We are adding things like preselecting getDisplayMedia browser tab pane or disabling focus to the captured area.
As I said in the past, it would be good to assess and mention the risks of such new features.
For instance, these two features might typically ease attacks where the capturer is capturing a tab that is not visible to the user and that it can navigate to arbitrary origins without the user knowing it.

It seems we could beef up browser tab risks:
- Mention risks specific to tabs. For instance, self tab capture is less risky than other same-origin tab capture.
- Mention that if a captured tab is navigating to a new origin (or maybe is loading third-party content), it might be good to present this information to the user, maybe temporarily disable capture until the user decides what to do with it.

IIRC, Chrome is for instance pausing getDisplayMedia capture if the capturing tab is navigating to another domain.
Chrome might have more protections like this and it would be good if the Chrome team could document these protections.

-- 
GitHub Notification of comment by youennf
Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/211#issuecomment-1234158216 using your GitHub account



Received on Thursday, 1 September 2022 11:37:43 UTC