- From: <bugzilla@jessica.w3.org>
- Date: Tue, 20 Aug 2013 04:46:49 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=22909 --- Comment #3 from David Dorwin <ddorwin@google.com> --- (In reply to comment #1) The content of the subsections in comment #1 relate to key and content protection issues. That is very different from client security, which is the focus of the discussions that lead to this issue. We should focus the discussion in this bug on the latter. Note that [1] above is more similar to the former. (In reply to comment #2) Note: Comment #2 relates to bug 22901. I think we should discourage execution of any content from the media data or JavaScript (i.e. licenses). There are too many bad things that can happen from running untrusted code, especially if the CDM is running unsandboxed. Speaking of which, we should add a note that CDMs must be very careful to safely parse, decrypt, etc. media data and licenses. Also add a note that unsandboxed CDMs must be extra careful in all areas of security and probably recommend sandboxing in general. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Tuesday, 20 August 2013 04:46:51 UTC