[mediacapture-screen-share] Spec should mention clickjacking concerns (#231)

jan-ivar has just created a new issue for https://github.com/w3c/mediacapture-screen-share:

== Spec should mention clickjacking concerns ==
Though it's unspecified, all browsers that support `"window"` and `"browser"` displaySurfaces [focus the captured window and/or tab either immediately before or immediately after *getDisplayMedia* success](https://jsfiddle.net/jib1/1vjpow8b/show) (in Firefox it's after, but in Chrome it's had to tell because its prompt blurs the page).

If designed poorly, this may risk exposing end-users to clickjacking attacks. E.g. if the target window or tab is obscured and isn't focused immediately, then a malicious page might anticipate or guess its location before it is brought to front and lure users with a well-placed button.

Without challenging this being [implementation defined](https://infra.spec.whatwg.org/#implementation-defined), we should mention clickjacking concerns and give guidance.

Particularly, focusing after capture has started seems worse, as a malicious capturer can then look at the displaySurface to determine what is being captured and position their lure button more optimally to hit a certain target button.

In practice, today's browsers seem to be doing a good job here, switching focus so immediately that there's little time for users to click any misrepresentations, so this is more to make sure the spec is thorough and have something to point at in new issues like #190 where this initially came up.

Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/231 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 2 September 2022 19:15:50 UTC