[whatwg] Possible alternative to specifying a codec for the <video> tag
David Gerard
dgerard at gmail.com
Mon Dec 24 09:32:40 PST 2007
On 24/12/2007, Krzysztof Żelechowski <giecrilj at stegny.2a.pl> wrote:
> On 23-12-2007, Sun, at 13:08 +0000, David Gerard wrote:
> > On 23/12/2007, Robert (Jamie) Munro <rjmunro at arjam.net> wrote:
> > > How could we do that? The codec is usually a relatively small download
> > > compared to the video itself. If we could suggest a way for
> > Arbitrary executable downloads didn't work out well with ActiveX, and
> > "Download codec to view this!" is already a vector for malware.
> That would not be an arbitrary download; it would be a download of _the_
> codec.
> The executable code must not be enclosed in the content envelope (unless
> the envelope is generated on the fly by the server depending on the user
> agent; I think it would be a cumbersome thing to do).
> Arbitrary active extensions can request services from the operating
> system; the code to be executed should not be allowed to. It could be
> allowed to request services from the browser only; if that is set up
> correctly, the decoder will be as safe as the browser is, even if it is
> a piece of broken malware. Thus we would need the browser to be a
> direct show* engine provider for the decoder and the decoder would be
> allowed to access its own memory only and call its own functions and the
> functions explicitly provided by the browser. Is this feasible?
It still sounds to me a bit like a layer violation ... the content in
question is a bit active.
Mind you, HTML these days is generally riddled with (or only a
delivery mechanism for, e.g. in interactive television) JavaScript.
And codecs are a bit virtual-machine-like anyway (with playback
engines needing sandboxing to protect against codecs that are unsecure
against malicious files).
> And, last but not least: can we expect the opposing browser vendors to
> offer the direct show engine and allow the decoder to run without much
> user intervention? Because if not, this solution would be very weak.
> What do you think?
It strikes me as more trouble than it would be simply to remember that
in claiming Ogg was "proprietary", Nokia told a lie big enough to
crack and break the assumption of good faith; and if Apple could
really live with SHOULD in the spec, put back the baseline
recommendation of Ogg Theora and Ogg Vorbis.
- d.