Re: [mediacapture-main] risk model of stored permissions and constraint opportunities (#991)

> I brought up Replit because it was especially interesting: I was developing my own app, which I trust.

You're also trusting Replit.com. The web model has to consider malicious sites, and if you're instead using EvilReplit.com your trust is misplaced whether the request came from an embedded "app", "game", "plugin", iframe, or not. Your recording might be streamed to a server without your knowledge any number of ways.

Iframes are not an inspectable or secure unit of analysis for the average (non-developer) web user.

> Where a site lets third party code invoke getUserMedia(), is there an appropriate hook/event for the site in that promise workflow, for the purposes of implementing a granular scheme?

No, there's nothing specific to getUserMedia() here. What I outlined above doesn't require it.

> Else, if the appropriate design is that the iframe does not have this permission by default, does an error reach the host document so that it can react as it sees fit?

No. The iframed document gets a `NotAllowedError`, but the top-level document doesn't learn about it. Don't Figma plugins have some existing way to communicate?

-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/991#issuecomment-2093738211 using your GitHub account


Received on Friday, 3 May 2024 20:45:18 UTC
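
The following is an added example, not part of the original comment or of any project's code: since the top-level document does not learn about a `NotAllowedError` raised inside an iframe, the embedded document can report the outcome itself and the host can validate that report. It assumes `postMessage` as the communication channel; the origins, the message type and the iframe id are hypothetical.

```javascript
// Added example. Origins and the message type are hypothetical.
const HOST_ORIGIN = "https://host.example";      // assumed embedding site
const PLUGIN_ORIGIN = "https://plugin.example";  // assumed third-party frame
const MSG_TYPE = "capture-result";               // assumed message name

// Iframe side: reduce a getUserMedia() outcome to a small report.
// Only the error name is forwarded, never the stream or device labels.
function buildReport(err) {
  if (!err) return { type: MSG_TYPE, ok: true };
  return { type: MSG_TYPE, ok: false, error: String(err.name || "UnknownError") };
}

// Iframe side: try capture, then tell the host what happened.
async function captureAndReport(mediaDevices, parentWindow) {
  let stream = null;
  let report;
  try {
    stream = await mediaDevices.getUserMedia({ audio: true });
    report = buildReport(null);
  } catch (err) {
    report = buildReport(err); // e.g. NotAllowedError when capture is blocked
  }
  // Pin the target origin so the report cannot reach another embedder.
  parentWindow.postMessage(report, HOST_ORIGIN);
  return stream;
}

// Host side: accept a report only from the expected frame and origin.
function classifyReport(event, frameWindow) {
  if (event.origin !== PLUGIN_ORIGIN) return "ignored";
  if (event.source !== frameWindow) return "ignored";
  const d = event.data;
  if (!d || typeof d !== "object" || d.type !== MSG_TYPE) return "ignored";
  if (d.ok === true) return "granted";
  return d.error === "NotAllowedError" ? "denied" : "failed";
}

// Browser wiring for the host page (skipped outside a browser).
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const frame = document.querySelector("iframe#plugin"); // hypothetical id
  window.addEventListener("message", (e) => {
    const outcome = classifyReport(e, frame && frame.contentWindow);
    if (outcome !== "ignored") console.log("plugin capture:", outcome);
  });
}
```

Inside the iframe the call would be `captureAndReport(navigator.mediaDevices, window.parent)`. The host treats the report as untrusted input: it is a hint for reacting in the UI, not evidence of what the frame actually did.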