W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: [SRI] Escaping mixed-content blocking for video distribution

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 13 Nov 2014 10:45:35 +0100
Message-ID: <CADnb78h0+Qy5K9VoUPLRFOzz7=NbFL3dQTkcDML2hN+Gc45zxA@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: Mark Watson <watsonm@netflix.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Nov 12, 2014 at 11:39 PM, Brian Smith <brian@briansmith.org> wrote:
> AFAICT. In order for browsers to be able to appropriately scope the
> allowance for mixed content that you are asking for, a purely
> declarative mechanism for MSE would be needed.

While we are being speculative, we could offer

  xhr.responseType = "mse"
  xhr.onload = function() {
    video.feedBytes(xhr.response) // prolly has other name than feedBytes

with xhr.response being an opaque object that only the browser can read from.

However, it seems rather weird to offer such a thing just because
Netflix can't TLS like YouTube can.

Received on Thursday, 13 November 2014 09:46:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:42 UTC