Bureaucrats, canmove, Confirmed users
642
edits
Firefox3.1/Video Security Review: Difference between revisions
Jump to navigation
Jump to search
Firefox3.1/Video Security Review (view source)
Revision as of 00:52, 11 November 2008
, 11 November 2008→Review comments
| Line 98: | Line 98: | ||
== Review comments == | == Review comments == | ||
* src load needs to call CheckLoadURI() to prevent load of file:, chrome:, javascript: etc types. | |||
* data: is probably fine | |||
* Using Access-Control utils (under discussion) should already contain those checks, but we should test to be sure. | |||
* There was some talk of a pref to override access-control checks, as a developer thing. | |||
* <video> and <audio> need to check with defined nsIContentPolicy providers (we do, roc thinks) | |||
* bandwidth issue: no way (pref) to turn off video or audio. Apparently a kill switch is already planned as a fall-back in case of legal issues. Need a bug for UI on this. | |||
* also an accessibility issue. | |||