W3C home > Mailing lists > Public > public-html@w3.org > April 2011

Re: Systematic access to media/plugin metadata

From: Philip Jägenstedt <philipj@opera.com>
Date: Thu, 14 Apr 2011 16:35:47 +0200
To: public-html@w3.org
Message-ID: <op.vtxmtxavsr6mfa@localhost.localdomain>
On Thu, 14 Apr 2011 16:17:12 +0200, Leonard Rosenthol <lrosenth@adobe.com>  
wrote:

> Henri wrote:
>> In order to maintain the confidentiality properties that browsers now
>> provide, we can't allow metadata to be read cross-origin without *some*
>> participation of the server that serves the image.
>>
>
> If I can read the image, I should be able to read the metadata.  Why  
> would you need to restrict the metadata access if you don't restrict the  
> image itself?!?

The "image itself" is restricted. Specifically, you can't read out the  
pixel data of cross-origin images, just like one cannot read text or HTML  
files from cross-origin resources (without CORS or whatnot).

-- 
Philip Jägenstedt
Core Developer
Opera Software
Received on Thursday, 14 April 2011 14:36:17 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:24 UTC