[mediacapture-screen-share] ensure that a tab selected by the user is what an app really supposed to share (#143) from ikasantsev via GitHub on 2020-08-05 (public-webrtc@w3.org from August 2020)

From: ikasantsev via GitHub <sysbot+gh@w3.org>
Date: Wed, 05 Aug 2020 16:21:27 +0000
To: public-webrtc@w3.org
Message-ID: <issues.opened-673679472-1596644486-sysbot+gh@w3.org>

ikasantsev has just created a new issue for https://github.com/w3c/mediacapture-screen-share:

== ensure that a tab selected by the user is what an app really supposed to share ==
Apologies if it was already discussed previously. 

What would be a recommended way to verify that the visitor did not accidentally or intentionally selected a tab with an inappropriate contents? In a scenario when a website can initiate webRTC screen sharing, it is reasonable if this website would want to limit screen sharing only to its own FQDN.

It would help if a browser display surface could be further limited to a FQDN or FQDN list, or to 'self' only. It could be done with a declarative CSP like 

`
Content-Security-Policy: screen-sharing-allow-uri 'self'
`

or with a declarative constraint, e.g.:

`            video: {
                displaySurface: 'browser',
                logicalSurface: true,
                cursor: 'always',
                allowedURI: 'self'
            }
`

If this is not possible or desirable, it could be done with some kind of active filtering like an event requested in https://github.com/w3c/mediacapture-screen-share/issues/83.

Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/143 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 5 August 2020 16:21:31 UTC