- From: Adrian Bateman <adrianba@microsoft.com>
- Date: Wed, 30 Jan 2013 17:00:16 +0000
- To: Joe Steele <steele@adobe.com>, David Dorwin <ddorwin@google.com>
- CC: "public-html-media@w3.org" <public-html-media@w3.org>
On Tuesday, January 22, 2013 8:15 AM, Joe Steele wrote: > Requiring the UA to validate the URLs passed would be a problem. The use > cases that I outlined for allowing the CDM to exchange information directly > with the application would rely on non-standard URL schemes. So we could > either standardize the scheme used as I suggested (e.g. app://example.com/<path+params>) > or not require these URLs to be standardized. While I don't think that smuggling data in the URL is a good idea, I don't think validation will prevent this. The format of a URI is pretty open so I wonder if we should only consider this if we think it is a good idea to further restrict the space of valid URIs, only allow certain schemes for example? Cheers, Adrian.
Received on Wednesday, 30 January 2013 17:04:24 UTC