-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Element Capture #954
Comments
Hi - some pieces of feedback from our TAG breakout this morning where we reviewed this: It seems like the explainer is very lean. We think that there are a number of issues that need to be more fully explored before we can be more sure about this proposal. In the use case that you're sharing a specific content area to an embedded iFrame (the use case in the explainer) what is the permissions flow for this scenario? For example - in current screen sharing scenarios, the user may be prompted to share a tab, a window, or the whole screen. What would the user be prompted for in this case? Would they be able to choose an alternative sharing target such as an other tab or the screen or is it envisioned that in this case they would be constrained to only share content from the designated application? Can this be treated like an extension to ViewPortCapture? We note that this sort of sharing carries similar security risks as that API, and the additional constraints on capture in that API might be better suited to this use case than the more general getDisplayMedia. The proposed API starts by preparing to share the whole of the content, and then restricting it to a particular part - have you considered ways to start with the specific part to be shared instead? (How would this affect occlusion?) You have a goal of avoiding occlusion, but what about elements that are partially-transparent? Would this capture what is rendered behind an element? |
(Note: Questions reordered to make the answers clearer, as later answers build on top of earlier ones.)
I aimed to make the explainer brief, and this article goes into more details and is more "instructive" in its tone. HTH?
Occluded content is "magic erased" from the capture as is occluding content. The article (link above) discusses this in detail, while the explainer, I acknowledge, only made passing and implicit reference to this fact ("frames produced on the restricted video track only consist of information from the target-element and its descendants"). Hope that's clear now. :-)
This API builds on top of existing screen-sharing API, meaning that the permission flow remains entirely unchanged. An application would first call
That's an alternative approach that we have considered. But as of the time of writing,
I actually think that starting with the entire current tab, is a strength of the current API shape, because we lean on established methods to prompt the user to share something they know is compromising, and avoid giving them the false sense of security, that they are sharing "less". Imagine a user, for instance, sharing "just the X iframe" and not realizing that it could, at any moment, be navigated, or load cross-origin resources... But sharing the entire current tab, that's a concept users already understand, and they know that it requires elevated trust. |
Thanks for your detailed reply @eladalon1983. The article you linked to answers several questions; thanks for that too. It would be really helpful for review, and future reference, if you could that content from the article into the explainer; it's OK to give a bit of the 'how to' info, as long as the explainer starts with the user needs being solved. That info, and the code snippets, helps to convey the intended API shape. There are a couple of additional things that we'd really like to see in the explainer:
Thanks in advance; we are looking forward to learning more about the above. |
Hi @eladalon1983, we discussed this review in our call today - just checking if you have any feedback with respect to our comment/questions above? |
Apologies for taking some time here. I'll respond soon. |
I have updated the explainer; PTAL. |
Regarding the name |
Thank you for the explainer updates, @eladalon1983. We are happy with this proposal overall, but please could you consider @martinthomson's concern above regarding the naming of We don't have anything further to add, so we'll close this. The "satisfied with concerns" status is to reflect that naming concern. |
Hej TAG!
I'm requesting a TAG review of Element Capture.
A combination of pre-existing mechanisms (getDisplayMedia, Region Capture) already allows Web applications to capture a portion of the current tab as video MediaStreamTrack, robustly cropping away irrelevant pixels. Such videos can than be transmitted remotely; removing pixels not intended for sharing helps the sharing user's privacy, and prevents distraction by the receiving users. It also helps conserve compute and network resources.
Our new API, Element Capture, takes this a step further, allowing Web applications to remove unwanted occlusions. For example, if a private message notification appears over the shared region, it is possible to avoid capturing that message, which also avoids transmitting it remotely, and therefore helps uphold privacy guarantees implicitly made to the user, who had only intended to share the target-region, and not whatever happened to be drawn over it.
Further details:
You should also know that...
Strong positive Web developer feedback for this feature was expressed on screen-share/element-capture#3 and during Screen Capture CG meetings.
The text was updated successfully, but these errors were encountered: