I filed https://www.w3.org/Bugs/Public/show_bug.cgi?id=24026 related to
this issue.
On Wed, Jan 30, 2013 at 9:00 AM, Adrian Bateman <adrianba@microsoft.com>wrote:
> On Tuesday, January 22, 2013 8:15 AM, Joe Steele wrote:
> > Requiring the UA to validate the URLs passed would be a problem. The use
> > cases that I outlined for allowing the CDM to exchange information
> directly
> > with the application would rely on non-standard URL schemes. So we could
> > either standardize the scheme used as I suggested (e.g. app://
> example.com/<path+params>)
> > or not require these URLs to be standardized.
>
> While I don't think that smuggling data in the URL is a good idea, I don't
> think
> validation will prevent this. The format of a URI is pretty open so I
> wonder if
> we should only consider this if we think it is a good idea to further
> restrict the
> space of valid URIs, only allow certain schemes for example?
>
> Cheers,
>
> Adrian.
>
>
>