[Bug 21203] EME leaks information cross-origin

https://www.w3.org/Bugs/Public/show_bug.cgi?id=21203

Adrian Bateman [MSFT] <adrianba@microsoft.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #32 from Adrian Bateman [MSFT] <adrianba@microsoft.com> ---
(In reply to Adrian Bateman [MSFT] from comment #30)
> Having looked at this, I have a different proposal:
> 
> 1) We should change step 3 of the algorithm in 4.1 (First time a key
> reference is encountered) and instead of throwing an error, we should send
> the needkey event with empty initdata. This allows apps that can get the
> initdata from a different source to know the key reference has been reached.
> 
> 2) We should remove the error from step 1 of 4.2 (encrypted block
> encountered) if keys is null. This means that applications that see
> encrypted content but haven't handled needkey or otherwise tried to provide
> keys will stall playback instead of throwing an error. I think this is
> acceptable.
> 
> If we do this then we can remove MEDIA_ERR_ENCRYPTED from the spec.

I made these changes.
https://dvcs.w3.org/hg/html-media/rev/cb3a898bcd64

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Tuesday, 17 December 2013 22:44:34 UTC