I mean a javascript api for capturing a renderered html page, or current viewport, and dump content onto an image.
While there are obvious attacks, such as taking screenshot of sensitive information, I don't really believe a screenshot api is more evil than, say, being able to log your key strokes with javascript (which you already can).
So to me, screenshot api is no more or less secure than any other existing api, an attacker using xss attacks can already do what they want.
So are there other vectors I haven't thought of, that makes screenshot api a no-go for browser vendors? Note you can already render some html through canvas/svg, and take screenshots using devtool or extensions.
See:
Aucun commentaire:
Enregistrer un commentaire