Hi Arthur, On Tuesday, March 28, 2023 at 11:13:45 AM UTC+3 [email protected] wrote:
Hi Bhaumik, There was one question left unanswered in the I2P thread from the security review, so I'm reposting it here: "This is my understanding, let me know if that's correct: Background blur is applied by request or constraint. In the first implementation only stream sources like cameras obtained by GetUserMedia support blurring. This is completely unidirectional, from the device to the platform. Getting a stream from another source such as CanvasCaptureMediaStreamTrack will simply not support the capability. Therefore there is no way to send custom crafted bits into the native APIs, and in general no content from the internet flows into the native APIs." Is that accurate? Yes, that's accurate. I also updated the Explainer Security considerations <https://github.com/riju/backgroundBlur/blob/main/explainer.md#security-considerations> sections to describe this. BR, Eero -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/416bef82-6dd3-4c99-ac17-1079a6a2dad8n%40chromium.org.
