- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 21 Apr 2015 09:53:10 -0700
- To: "Jerry Smith (WINDOWS)" <jdsmith@microsoft.com>
- Cc: Ryan Sleevi <sleevi@google.com>, Henri Sivonen <hsivonen@hsivonen.fi>, Mark Watson <watsonm@netflix.com>, Martin Thomson <martin.thomson@gmail.com>, Aaron Colwell <acolwell@google.com>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Matthew Wolenetz <wolenetz@google.com>, WHATWG <whatwg@whatwg.org>, Domenic Denicola <d@domenic.me>, "public-html-media@w3.org" <public-html-media@w3.org>

On Mon, Apr 20, 2015 at 11:16 AM, Jerry Smith (WINDOWS) <jdsmith@microsoft.com> wrote:
> Has a mechanism been proposed that would block UAs from returning parsed
> data like this? In the EME spec, UAs are required now to treat initData as
> untrusted. In this mixed content case with opaque data, are we extending
> this to mean that opaque initData parsed in trusted code must be kept opaque
> as far as the JS app is concerned? Do we agree that is necessary?

Yes. We should not break SOP
https://annevankesteren.nl/2015/02/same-origin-policy any further.

--
https://annevankesteren.nl/

Received on Tuesday, 21 April 2015 16:53:33 UTC