- From: <bugzilla@wiggum.w3.org>
- Date: Tue, 27 Jan 2009 14:23:20 +0000
- To: public-html@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=6476 Summary: cross-origin media element loads and progress events Product: HTML WG Version: unspecified Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Spec bugs AssignedTo: dave.null@w3.org ReportedBy: annevk@opera.com QAContact: public-html-bugzilla@w3.org CC: ian@hixie.ch, mike@w3.org, public-html@w3.org Media elements currently allow for cross-origin loads without explicit opt in from the server they are requested from. So far this is similar to the img element and ok. However, progress events are not limited in any way exposing more information about the file on the other end than has been possible so far with cross-origin loads. That information needs to be restricted somehow. Most likely by using CORS as defense mechanism. -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
Received on Tuesday, 27 January 2009 14:23:29 UTC