W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > October 2013

[Bug 21203] EME leaks information cross-origin

From: <bugzilla@jessica.w3.org>
Date: Sat, 26 Oct 2013 01:15:18 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-21203-2486-IRqwVXWrk1@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=21203

--- Comment #24 from Joe Steele <steele@adobe.com> ---
I think the concern here was that the defaultURL associated with the key
request is going to be provided by the CDM and yet may be sent data from the
media origin (namely the initData). This could be seen as a leak. Maybe the
wording needs to be adjusted however.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Saturday, 26 October 2013 01:15:19 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 16:31:45 UTC