- From: Robert O'Callahan <robert@ocallahan.org>
- Date: Tue, 23 Jul 2013 16:30:00 +1200
- To: "public-audio@w3.org" <public-audio@w3.org>
- Message-ID: <CAOp6jLa=-2P9N1q0NkLW-pC_Opm_Uh433YF=c34qbn6G8-ecLw@mail.gmail.com>
HTML media elements can play media resources from any origin. When an element plays a media resource from an origin different from the page's origin, we must prevent page script from being able to read the contents of the media (e.g. extract video frames or audio samples). In particular we should prevent ScriptProcessorNodes from getting access to the media's audio samples. We should also information about samples leaking in other ways (e.g. timing channel attacks). Currently the Web Audio spec says nothing about this. Anyone know how Webkit/Blink solves this? I think we should solve this by preventing any non-same-origin data from entering Web Audio. That will minimize the attack surface and the impact on Web Audio. My proposal is to make MediaElementAudioSourceNode convert data coming from a non-same origin stream to silence. Note that it's not possible to confine origin checks to when a MediaElementAudioSourceNode is created. For example, it's possible for a media element's src to be set to a new URL after the Web Audio graph is up and running. Rob -- Jtehsauts tshaei dS,o n" Wohfy Mdaon yhoaus eanuttehrotraiitny eovni le atrhtohu gthot sf oirng iyvoeu rs ihnesa.r"t sS?o Whhei csha iids teoa stiheer :p atroa lsyazye,d 'mYaonu,r "sGients uapr,e tfaokreg iyvoeunr, 'm aotr atnod sgaoy ,h o'mGee.t" uTph eann dt hwea lmka'n? gBoutt uIp waanndt wyeonut thoo mken.o w * *
Received on Tuesday, 23 July 2013 04:30:27 UTC