Sketching [InjectionMitigated] for getAllScreensMedia().
This CL sketches an IDL attribute that prevents exposure of a given
attribute/method/interface/etc in the absence of a strict CSP delivered
as a header, along the lines of the Securer Contexts explainer.
As a proof of concept, the attribute is used to replace a subset of the
runtime checks currently applied to MediaDevices.getAllScreensMedia().
This method should eventually be marked [IsolatedContext], but will be
enabled via alternative mechanisms (OT + admin policy) until IWAs are
widely available. In the meantime, we can use this exploratory
attribute to limit the method's exposure to those contexts in which it
might be available.
Change-Id: I507722b13219defc8c7b8fd2ead230c1259cbac3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5458758
Reviewed-by: Guido Urdaneta guidou@chromium.org
Reviewed-by: Simon Hangl simonha@google.com
Reviewed-by: Michael Lippautz mlippautz@chromium.org
Commit-Queue: Mike West mkwst@chromium.org
Cr-Commit-Position: refs/heads/main@{#1294338}