Re: [EME] Should we validate defaultURL/destinationURL? from Joe Steele on 2013-01-22 (public-html-media@w3.org from January 2013)

From: Joe Steele <steele@adobe.com>
Date: Tue, 22 Jan 2013 08:15:12 -0800
To: David Dorwin <ddorwin@google.com>
CC: "public-html-media@w3.org" <public-html-media@w3.org>
Message-ID: <1731B6F3-8980-4886-ACCB-656556BADF8A@adobe.com>

Requiring the UA to validate the URLs passed would be a problem. The use cases that I outlined for allowing the CDM to exchange information directly with the application would rely on non-standard URL schemes. So we could either standardize the scheme used as I suggested (e.g. app://example.com/<path+params>) or not require these URLs to be standardized.

Joe Steele
steele@adobe.com<mailto:steele@adobe.com>

On Dec 7, 2012, at 11:01 AM, David Dorwin <ddorwin@google.com<mailto:ddorwin@google.com>> wrote:

Both versions of the API just say that defaultURL/destinationURL is a DOMString. There is no mention of validating it or that it must be a valid URL. Should we add such language?

It should be easy enough for the UA to validate the URLs before passing them to the client, and then the application doesn't need to worry about it. This also prevents this field from being abused for other purposes. The only downside I can think of is that invalid URLs would not be passed to the app, and it would have no indication that a URL was provided.

David

Received on Tuesday, 22 January 2013 16:16:00 UTC