On Sat, Oct 25, 2014 at 3:24 PM, Jonas Sicking wrote:
> On Sat, Oct 25, 2014 at 7:51 AM, Eric Rescorla wrote:
> >> > Unfortunately, for the reasons I mentioned in the post I linked to
> >> > above,
> >> > it's hard for the user to give informed consent here, as they don't
> >> > understand
> >>
On Sat, Oct 25, 2014 at 7:51 AM, Eric Rescorla wrote:
>> > Unfortunately, for the reasons I mentioned in the post I linked to
>> > above,
>> > it's hard for the user to give informed consent here, as they don't
>> > understand
>> > SOP, CSRF, etc.
>>
>> It's unclear to me what you are suggesting t
On Fri, Oct 24, 2014 at 10:56 PM, Jonas Sicking wrote:
> On Fri, Oct 24, 2014 at 9:25 PM, Eric Rescorla wrote:
> > On Fri, Oct 24, 2014 at 3:56 PM, Robert O'Callahan >
> > wrote:
> >> On Sat, Oct 25, 2014 at 6:17 AM, Ehsan Akhgari >
> >> wrote:
> >>
> >> Can we keep track of where the stream c
On 2014-10-24, at 22:56, Jonas Sicking wrote:
>
> It's unclear to me what you are suggesting that we should or should not do.
>
> Also, often times there's much more sensitive information captured
> from a user's camera, than from a user's screen. Doesn't SOP and CSRF
> concerns apply there too?
On Fri, Oct 24, 2014 at 9:25 PM, Eric Rescorla wrote:
> On Fri, Oct 24, 2014 at 3:56 PM, Robert O'Callahan
> wrote:
>> On Sat, Oct 25, 2014 at 6:17 AM, Ehsan Akhgari
>> wrote:
>>
>> Can we keep track of where the stream comes from, and make sure to taint
>> > the images that can come out of them
On Fri, Oct 24, 2014 at 3:56 PM, Robert O'Callahan
wrote:
> On Sat, Oct 25, 2014 at 6:17 AM, Ehsan Akhgari
> wrote:
>
> Can we keep track of where the stream comes from, and make sure to taint
> > the images that can come out of them similar to the way that we taint
> cross
> > origin images by
On Sat, Oct 25, 2014 at 6:17 AM, Ehsan Akhgari
wrote:
Can we keep track of where the stream comes from, and make sure to taint
> the images that can come out of them similar to the way that we taint cross
> origin images by default to prevent them from being read back on the
> client? I think wi
On Fri, Oct 24, 2014 at 8:48 PM, Anne van Kesteren wrote:
> 2) We could perhaps have some concept of taking a snapshot of the
> current page or indicated fragment so we can analyze it
> asynchronously. Then if a known-bad thing was found, such as a plugin,
> native form control, or non-CORS cross
On 2014-10-24 4:08 AM, Jonas Sicking wrote:
On Thu, Oct 23, 2014 at 2:10 PM, Jet Villegas wrote:
Kicking off this thread to get a discussion on:
1. Web-facing or not?
I think we have to make it web facing. If we want the web to be
competitive with other platforms, which I hope we do, we have
ot;Matt Woodrow" ,
"Jonas Sicking" , "Nicolas Silva" ,
"Robert O'Callahan" , "mozilla.dev.platform group"
, "Jonas Sicking" , "Boris
Zbarsky"
Sent: Friday, October 24, 2014 9:23:49 AM
Subject: Re: Screen Capture
Ah. So this seems to be a
Ah. So this seems to be a rather more limited function than the one that we
are currently providing, which is a full motion video of the screen/window.
I haven't decided yet whether I think it makes sense to have a "snapshot"
API
as a separate thing, as opposed to just capturing the video stream a
Just in case this makes it into bugzilla, this is the bug that’s tracking the
original proposal:
https://bugzilla.mozilla.org/show_bug.cgi?id=744100
--
- Milan
On Oct 24, 2014, at 11:44 , Eric Rescorla wrote:
> Here is my writeup of the security issues with this from a while ago:
> http://lis
Here is my writeup of the security issues with this from a while ago:
http://lists.w3.org/Archives/Public/public-webrtc/2013Mar/0024.html
As MT says, we already are shipping screen sharing in FF 33. It's
currently whitelisted, but otherwise it's fairly complete.
-Ekr
On Fri, Oct 24, 2014 at 1:0
On 24/10/14 10:08, Jonas Sicking wrote:
>> 2. Security/Privacy concerns
>
> so we'd have to be careful with how we do it. For example always
> showing an on-screen indicator indicating that the screen is currently
> shared. And reminding the user that password etc can be read by the
> remote party
On Fri, Oct 24, 2014 at 4:56 PM, Boris Zbarsky wrote:
> On 10/24/14, 3:48 AM, Anne van Kesteren wrote:
>> Then if a known-bad thing was found, such as a plugin,
>> native form control, or non-CORS cross-origin image,
>
> Or link, right? Otherwise you leak :visited state.
I was not trying to be e
On 10/24/14, 3:48 AM, Anne van Kesteren wrote:
Then if a known-bad thing was found, such as a plugin,
native form control, or non-CORS cross-origin image,
Or link, right? Otherwise you leak :visited state.
-Boris
___
dev-platform mailing list
dev-pl
On Fri, Oct 24, 2014 at 10:35 AM, Andreas Tolfsen wrote:
> On Fri, Oct 24, 2014 at 8:48 AM, Anne van Kesteren wrote:
>> 2) We could perhaps have some concept of taking a snapshot of the
>> current page or indicated fragment so we can analyze it
>> asynchronously. Then if a known-bad thing was fou
I think it would be useful to distinguish between a one-off screenshot
and screen sharing/streaming here.
On Thu, Oct 23, 2014 at 10:10 PM, Jet Villegas wrote:
> 1. Web-facing or not?
Both. Perhaps with different security models.
> 2. Security/Privacy concerns
Many. If granting permission to
Jonas,
Le 24 oct. 2014 à 10:08, Jonas Sicking a écrit :
> It would also be cool to enable sharing just a particular app, or a
> particular browser tab. This is a problem that I see in native apps
> often. At some video conference someone wants to share a slideshow,
> but they end up showing their
On Thu, Oct 23, 2014 at 2:10 PM, Jet Villegas wrote:
> Kicking off this thread to get a discussion on:
>
> 1. Web-facing or not?
I think we have to make it web facing. If we want the web to be
competitive with other platforms, which I hope we do, we have to
expose this functionality.
However it
Le 24 oct. 2014 à 09:48, Anne van Kesteren a écrit :
> 1) We could ask for permission…
yes. To take account that sometimes people forget they gave a permission. So
maybe it should be a one-off permission only. (Just thinking)
Some other things that could be done:
* A visual notification and/o
On Thu, Oct 23, 2014 at 11:39 PM, Robert O'Callahan
wrote:
> On Fri, Oct 24, 2014 at 10:10 AM, Jet Villegas wrote:
>> 1. Web-facing or not?
>
> I don't think we can.
1) We could ask for permission...
2) We could perhaps have some concept of taking a snapshot of the
current page or indicated fra
On 23/10/2014 22:10, Jet Villegas wrote:
Roc wrote up a proposal last year for a web-facing screen capture API:
https://wiki.mozilla.org/User:Roc/ScreenCaptureAPI
Even if not web-facing, we could use the implementation code to cover chrome
use cases like this one:
https://bugzilla.mozilla.org/s
We're already doing screen capture in Firefox 33. Video, not still I think.
But the APIs are in place, if the implementation is not.
This is not web-facing in the classic sense
(https://wiki.mozilla.org/Screensharing) but there are plans to make at least a
limited feature set available.
Yes,
On Fri, Oct 24, 2014 at 10:10 AM, Jet Villegas wrote:
> Roc wrote up a proposal last year for a web-facing screen capture API:
> https://wiki.mozilla.org/User:Roc/ScreenCaptureAPI
>
> Even if not web-facing, we could use the implementation code to cover
> chrome use cases like this one:
> https:/
25 matches
Mail list logo
