Re: [whatwg] Fetch, MSE, and MIX

On Mon, Apr 20, 2015 at 11:16 AM, Jerry Smith (WINDOWS)
<jdsmith@microsoft.com> wrote:
> Has a mechanism been proposed that would block UAs from returning parsed
> data like this?  In the EME spec, UAs are required now to treat initiData as
> untrusted.  In this mixed content case with opaque data, are we extending
> this to mean that opaque initData parsed in trusted code must be kept opaque
> as far as the JS app is concerned?  Do we agree that is necessary?

Yes. We should not break SOP
https://annevankesteren.nl/2015/02/same-origin-policy any further.


-- 
https://annevankesteren.nl/

Received on Tuesday, 21 April 2015 16:53:33 UTC