I filed https://www.w3.org/Bugs/Public/show_bug.cgi?id=24026 related to this issue. On Wed, Jan 30, 2013 at 9:00 AM, Adrian Bateman <adrianba@microsoft.com>wrote: > On Tuesday, January 22, 2013 8:15 AM, Joe Steele wrote: > > Requiring the UA to validate the URLs passed would be a problem. The use > > cases that I outlined for allowing the CDM to exchange information > directly > > with the application would rely on non-standard URL schemes. So we could > > either standardize the scheme used as I suggested (e.g. app:// > example.com/<path+params>) > > or not require these URLs to be standardized. > > While I don't think that smuggling data in the URL is a good idea, I don't > think > validation will prevent this. The format of a URI is pretty open so I > wonder if > we should only consider this if we think it is a good idea to further > restrict the > space of valid URIs, only allow certain schemes for example? > > Cheers, > > Adrian. > > >
Received on Saturday, 7 December 2013 00:41:04 UTC