- From: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
- Date: Tue, 13 Oct 2020 05:39:55 +1100
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: public-webrtc <public-webrtc@w3.org>
- Message-ID: <CAHp8n2nve7edUqu_MYpDjbJRvOs7thCBcL=FOrs3DNDh_bMhWQ@mail.gmail.com>
On Mon, Oct 12, 2020, 10:23 PM Harald Alvestrand <harald@alvestrand.no> wrote: > > On 10/8/20 10:49 PM, Jan-Ivar Bruaroey wrote: > > On 10/8/20 3:56 PM, Sergio Garcia Murillo wrote: > > On 08/10/2020 21:36, Jan-Ivar Bruaroey wrote: > > > 2. Is the goal performance? E.g. is recording a web conference call using > canvas.captureStream prohibitive? > > canvas.captureStream is not a viable option at all, the idea is to be able > to capture all the richness of a css+js UI interface, not to have to re > implement all of it manually (or via webgl). > > So the use case is recording a web conference call? > > The primary use case is to share a tab that contains conferencing code + > displaying information in the form of complex Web content. One example is > projecting a Google Docs presentation into a conference; if the page > displaying the presentation also contains conferencing code, it can capture > itself and send itself to the conference. > > For the use case of conference calls, where all the interesting content is > already in audio/video form, we have adequate ways of recording them. > Would it be able to share itself into any Webrtc call or just into a specific app? This sounds appealing until I consider the limitations. The user would have > to: > > 1. avoid resizing the window for the entire call > 2. avoid PMing participants during the call, unless they want the > private conversation included in the recording > 3. avoid visiting the site's settings/options/speaker-notes panels or > otherwise accidentally sharing things > 4. avoid any participant action they wouldn't be comfortable with > including in the recording, like focusing on another participant > > It'd basically record the participant, just not the call. The recording is > from their view, in their current resolution and window size, with their > actions. Perhaps a site could be designed around these limitations, but > that seems like the tail wagging the dog. > In contrast, while a custom composition of a participant-neutral view > sounds like a lot more work initially, the end result would have none of > these problems. > > I already see requests in the thread for rendering in other resolutions, > which makes me wonder about the approach. > > > I agree with the IFRAME argument, we should prevent this for capturing > contents from outside the domain (and isolated streams). > > Yes, though again I don't know if it can be done safely. E.g. what would > happen if I do > > video.src = "foo.mp4"; await wait(5000); video.src = > "https://vulnerable-site.com/bar.mp4" > <https://vulnerable-site.com/bar.mp4>? > > > IMHO, I would prefer to extend to the media capture from DOM elements to > the window or document elements (following the same domain security > policies, of course). > > That's interesting, and might bring in DOM folks that perhaps would be > able to talk to the security ramifications of exposing DOM rendering in > this way (fingerprinting, personal data exposure through CSS exploits etc). > .: Jan-Ivar :. > > > Best regards > > Sergio > >
Received on Monday, 12 October 2020 18:40:21 UTC