-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deny captureStream for cross-origin media by default #70
Comments
As long as the |
This is media stream, so there's no requirement of canvas. It is similar to drawImage, but the spec doesn't have nice concept like "origin-clean flag". So any new media API that can retrieve data from stream (or streamTrack, and more) could potentially leak the data. |
So in that sense, I don't have much problem with HTMLCanvasElement.captureStream() because UA can check "origin clean flag" of canvas. But I'm worried about HTMLMediaElement.captureStream(). |
What are the risks with capturing cross-origin media content? |
Potential of stealing cross-origin media file. But seems like there are more APIs that has ability to do it. So closing the issue. |
Per spec, it is allowed to captureStream() cross-origin media contents. But I don't see much benefit from it. Instead, there are many risks. Media related APIs are growing and it's complicated for browsers to allow captureStream of cross-origin media yet deny leaking information. Stream can be passed from video <-> canvas, or to WebRTC peer, etc.
Chrome denies to captureStream for cross-origin media contents today. Where Firefox allows it.
I think we should stick to Chrome's behavior and change the spec.
Test
https://test.shhnjk.com/whycapture.html
The text was updated successfully, but these errors were encountered: