Re: [mediacapture-screen-share] Concern: Availability of getDisplayMedia() in file:// Secure Contexts (#320) from tmpmachine via GitHub on 2025-07-25 (public-webrtc-logs@w3.org from July 2025)

From: tmpmachine via GitHub <noreply@w3.org>
Date: Fri, 25 Jul 2025 03:49:59 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-3116292497-1753415397-noreply@w3.org>

There's an element capture API (RestrictionTarget, https://developer.chrome.com/docs/web-platform/element-capture) that allows recording part of a page. It requires a secure context and can be used on null origins (file://). This means an attacker could pixel-steal file:// iframes even without the element being visible.

-- 
GitHub Notification of comment by tmpmachine
Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/320#issuecomment-3116292497 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 25 July 2025 03:50:00 UTC