W3C home > Mailing lists > Public > public-audio@w3.org > July to September 2013

MediaElementAudioSourceNode and cross-origin media resources

From: Robert O'Callahan <robert@ocallahan.org>
Date: Tue, 23 Jul 2013 16:30:00 +1200
Message-ID: <CAOp6jLa=-2P9N1q0NkLW-pC_Opm_Uh433YF=c34qbn6G8-ecLw@mail.gmail.com>
To: "public-audio@w3.org" <public-audio@w3.org>
HTML media elements can play media resources from any origin. When an
element plays a media resource from an origin different from the page's
origin, we must prevent page script from being able to read the contents of
the media (e.g. extract video frames or audio samples). In particular we
should prevent ScriptProcessorNodes from getting access to the media's
audio samples. We should also information about samples leaking in other
ways (e.g. timing channel attacks). Currently the Web Audio spec says
nothing about this.

Anyone know how Webkit/Blink solves this?

I think we should solve this by preventing any non-same-origin data from
entering Web Audio. That will minimize the attack surface and the impact on
Web Audio.

My proposal is to make MediaElementAudioSourceNode convert data coming from
a non-same origin stream to silence.

Note that it's not possible to confine origin checks to when a
MediaElementAudioSourceNode is created. For example, it's possible for a
media element's src to be set to a new URL after the Web Audio graph is up
and running.

Rob
-- 
Jtehsauts  tshaei dS,o n" Wohfy  Mdaon  yhoaus  eanuttehrotraiitny  eovni
le atrhtohu gthot sf oirng iyvoeu rs ihnesa.r"t sS?o  Whhei csha iids  teoa
stiheer :p atroa lsyazye,d  'mYaonu,r  "sGients  uapr,e  tfaokreg iyvoeunr,
'm aotr  atnod  sgaoy ,h o'mGee.t"  uTph eann dt hwea lmka'n?  gBoutt  uIp
waanndt  wyeonut  thoo mken.o w  *
*
Received on Tuesday, 23 July 2013 04:30:27 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:50:10 UTC