W3C home > Mailing lists > Public > public-html-media@w3.org > January 2013

RE: [EME] Should we validate defaultURL/destinationURL?

From: Adrian Bateman <adrianba@microsoft.com>
Date: Wed, 30 Jan 2013 17:00:16 +0000
To: Joe Steele <steele@adobe.com>, David Dorwin <ddorwin@google.com>
CC: "public-html-media@w3.org" <public-html-media@w3.org>
Message-ID: <4085040b1cd34e808576be03b758cccc@BL2PR03MB604.namprd03.prod.outlook.com>
On Tuesday, January 22, 2013 8:15 AM, Joe Steele wrote:
> Requiring the UA to validate the URLs passed would be a problem. The use
> cases that I outlined for allowing the CDM to exchange information directly
> with the application would rely on non-standard URL schemes. So we could
> either standardize the scheme used as I suggested (e.g. app://example.com/<path+params>)
> or not require these URLs to be standardized.

While I don't think that smuggling data in the URL is a good idea, I don't think
validation will prevent this. The format of a URI is pretty open so I wonder if
we should only consider this if we think it is a good idea to further restrict the
space of valid URIs, only allow certain schemes for example?

Cheers,

Adrian.
Received on Wednesday, 30 January 2013 17:04:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 17:04:25 GMT