Hacker News

Favorites Setup
Comment by rho138 | original | The <Usermedia> HTML Element
[−]rho138 · 2026-07-02 Thu 00:19 UTC · link
This won’t get abused. /s
[−]saagarjha · 2026-07-02 Thu 00:25 UTC · link
How do you see it being abused?
[−]unfocso · 2026-07-02 Thu 00:31 UTC · link
"Press here to view the content", there's already plenty in the wild that grant access to notifications with deceptive buttons.
[−]cwmoore · 2026-07-02 Thu 00:58 UTC · link
“targeted and functional controls for accessing camera and microphone streams”
[−]sheept · 2026-07-02 Thu 01:24 UTC · link
The similar <geolocation> element has clickjacking prevention enforced by the browser[0], and even if the website finds a way around it, it still shows the normal permission prompt.[1]

[0]: https://developer.mozilla.org/en-US/docs/Web/API/HTMLGeoloca...

[1]: https://mdn.github.io/dom-examples/geolocation-element/basic... (requires Chromium)

[−]ameliaquining · 2026-07-02 Thu 02:51 UTC · link
To be sure, evil websites will still be able to put misleading content around the element, and hope that the least savvy users will be fooled or will click the button out of confusion. But they can already do that with the existing JavaScript-triggered permission prompt.
[−]akersten · 2026-07-02 Thu 03:19 UTC · link
It's kind of insane to me that effort was put into all these fuzzy make-your-site-randomly-not-work heuristics and at the end of the day it still pops open the permission dialog anyway. It's like the worst of both worlds