[whatwg] Same-origin checking for media elements

Philip Jägenstedt philipj at opera.com
Wed Nov 12 03:16:14 PST 2008

I don't quite see why one should betray the size of media data and not
other data. Surely the existance and size of media files on an intranet
could be sensitive information too, so a more general solution is needed
in my opinion. Am I misunderstanding what is being suggested?


On Wed, 2008-11-12 at 23:58 +1300, Robert O'Callahan wrote:
> On Wed, Nov 12, 2008 at 11:19 PM, Jonas Sicking <jonas at sicking.cc>
> wrote:
>         An additional, though rather minor problem, is that
>         implementations will have to delay the loadstart event until
>         it has confirmed that the targeted file is in fact a real
>         video file, and has confirmed that with relatively high level
>         of confidence. Otherwise the size of random HTML files can be
>         measured using the <video> element.
> We can fire "loadstart" normally and return 0 in the "loaded"
> attribute and "unknown" in the "total" attribute (however that should
> be encoded). (We have to be able to return "unknown" since there can
> be situations, e.g. live streams, where we'll never know the total
> size.) 

Philip Jägenstedt
Opera Software

More information about the whatwg mailing list