Chrome basically is abusing its market position, 69.65% globally, and becomes the new IE. Implementing its own HTML/JS standard.
The sad truth is, some companies will look at Statcounter[0] and say because Firefox does not reach 5% global population and decided not supporting it, actively or passively.
This is literally how the standards are meant to work, at least on the JS side. The tc39 process requires at least two live implementations to exist before a spec can move to finished.
In this case, there's also people from Mozilla onboard, so there's no guarantee that it'll remain chrome only or that chrome will keep it if the spec doesn't go anywhere.
In fact, much of the web as we know it evolved this way. We have IE to thank for AJAX, after all.
Uughh why do we need this whole new html element and not simply make the getUserMedia API allowed to be called more than once if the initiator is a user click?
I'm not all that happy with second chance options in the first place, but a dedicated element with protections on making sure it's clear clicking that particular element is going to second chance it is at least much less likely to get abused.
At the very least, Firefox's position on the similar <geolocation> element is positive.[0] I would assume their position for other permissions elements would be the same.
The similar <geolocation> element has clickjacking prevention enforced by the browser[0], and even if the website finds a way around it, it still shows the normal permission prompt.[1]
Chrome basically is abusing its market position, 69.65% globally, and becomes the new IE. Implementing its own HTML/JS standard.
The sad truth is, some companies will look at Statcounter[0] and say because Firefox does not reach 5% global population and decided not supporting it, actively or passively.
[0]: https://gs.statcounter.com/
This is literally how the standards are meant to work, at least on the JS side. The tc39 process requires at least two live implementations to exist before a spec can move to finished.
In this case, there's also people from Mozilla onboard, so there's no guarantee that it'll remain chrome only or that chrome will keep it if the spec doesn't go anywhere.
In fact, much of the web as we know it evolved this way. We have IE to thank for AJAX, after all.
Anything new I have to block so my ass can't be fingerprinted?
Uughh why do we need this whole new html element and not simply make the getUserMedia API allowed to be called more than once if the initiator is a user click?
I'm not all that happy with second chance options in the first place, but a dedicated element with protections on making sure it's clear clicking that particular element is going to second chance it is at least much less likely to get abused.
Is this Chrome only or something the other browsers are working on, too. A quick web search does not seem to produce any relevant hits.
At the very least, Firefox's position on the similar <geolocation> element is positive.[0] I would assume their position for other permissions elements would be the same.
[0]: https://github.com/mozilla/standards-positions/issues/1288
Seems Chrome-only for now. But the spec (Working draft) has an editor from Mozilla as well, so maybe someday... https://w3c.github.io/mediacapture-extensions/#the-usermedia...
This won’t get abused. /s
How do you see it being abused?
"Press here to view the content", there's already plenty in the wild that grant access to notifications with deceptive buttons.
The similar <geolocation> element has clickjacking prevention enforced by the browser[0], and even if the website finds a way around it, it still shows the normal permission prompt.[1]
[0]: https://developer.mozilla.org/en-US/docs/Web/API/HTMLGeoloca...
[1]: https://mdn.github.io/dom-examples/geolocation-element/basic... (requires Chromium)
“targeted and functional controls for accessing camera and microphone streams”