- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 22 Mar 2013 10:10:36 -0700
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: "Cullen Jennings (fluffy)" <fluffy@cisco.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>, "public-webrtc@w3.org" <public-webrtc@w3.org>
The other day Matthew suggested that his best solution for employee motivation was to release a hungry lion into the office at random times. The more I think on the subject, the more this seems that this is exactly what we are doing. On 22 March 2013 07:17, Eric Rescorla <ekr@rtfm.com> wrote: > This doesn't sound very implementable. First, if you're sharing primarily by > pixel > capturing out of the window, trying to figure out which pixels represent > which > origins is going to be a huge pain for the implementor. Second, many sites > as a practical matter are composed of content from multiple origins > (images out of a CDN, domain sharding, etc.) The result of what you propose > is going to be that such sites will not render properly when shared. I > suspect that sites will simply ask for "The browser". The modern web reality is that any one page consists of content from many different sources, so restricting to one source is impractical. >From an implementation perspective, it might be possible to restrict to untainted content (the content that the page origin can access), but that would probably result in something that is virtually useless. Just like that interesting (redacted) document that contains (redacted). I suggested to EKR that perhaps we could devise an opt-out for truly sensitive information using Frame-Options so that sensitive content could be hidden, but even that seems a little weak.
Received on Friday, 22 March 2013 17:11:04 UTC