- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Tue, 14 Jan 2014 14:23:11 +0100
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Tim Panton new <thp@westhawk.co.uk>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, Jan-Ivar Bruaroey <jib@mozilla.com>, public-webrtc <public-webrtc@w3.org>, Alexandre Gouaillard <agouaillard@gmail.com>, Randell Jesup <randell-ietf@jesup.org>
On lun., 2014-01-13 at 10:13 -0800, Martin Thomson wrote: > That's somewhat attractive, but I'm not sure that that is a good idea. > We haven't proven unequivocally that http: pages don't contain > sensitive content. > > Sure, you can argue that there is nothing that an active attacker > can't already get, but that's a little different to what we're getting > here. How about tying this to CORS? If you already grant cross-origin access to your Web content via CORS, can it be inferred you're happy to share its content via screen sharing? Dom
Received on Tuesday, 14 January 2014 13:23:38 UTC