RE: [EME] Should we validate defaultURL/destinationURL?

On Tuesday, January 22, 2013 8:15 AM, Joe Steele wrote:
> Requiring the UA to validate the URLs passed would be a problem. The use
> cases that I outlined for allowing the CDM to exchange information directly
> with the application would rely on non-standard URL schemes. So we could
> either standardize the scheme used as I suggested (e.g. app://example.com/<path+params>)
> or not require these URLs to be standardized.

While I don't think that smuggling data in the URL is a good idea, I don't think
validation will prevent this. The format of a URI is pretty open so I wonder if
we should only consider this if we think it is a good idea to further restrict the
space of valid URIs, only allow certain schemes for example?

Cheers,

Adrian.

Received on Wednesday, 30 January 2013 17:04:24 UTC