On Fri, Oct 24, 2014 at 10:35 AM, Andreas Tolfsen <a...@mozilla.com> wrote: > On Fri, Oct 24, 2014 at 8:48 AM, Anne van Kesteren <ann...@annevk.nl> wrote: >> 2) We could perhaps have some concept of taking a snapshot of the >> current page or indicated fragment so we can analyze it >> asynchronously. Then if a known-bad thing was found, such as a plugin, >> native form control, or non-CORS cross-origin image, we would reject. > > Capturing a fragment, e.g. the bounding box of an element, of the > viewport seems useful, but what constitutes as “bad” in this context? > It depends a lot on what the user wants to share.
I had the original screenshot API in mind, which would expose the resulting pixels to the site's origin. Anything that does that either needs permission or needs to return nothing if something compromising the same-origin policy would be exposed otherwise. -- https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
