- From: Dave Singer <singer@apple.com>
- Date: Thu, 28 Aug 2008 15:09:00 -0700
- To: public-html@w3.org
I believe (and someone can correct me if I am wrong) that DOM access to image/video meta-data is problematic beause of cross-site scripting: e.g. you design a page which you persuade me to load, that manages to load an apple-internal image (which you can't see but I can) which is titled "iPhone 5G desktop model", and your scripts extract that info. from the image and send it back to you.... -- David Singer Apple/QuickTime
Received on Thursday, 28 August 2008 22:11:09 UTC