[EME] Should we validate defaultURL/destinationURL? from David Dorwin on 2012-12-07 (public-html-media@w3.org from December 2012)

From: David Dorwin <ddorwin@google.com>
Date: Fri, 7 Dec 2012 11:01:18 -0800
To: public-html-media@w3.org
Message-ID: <CAHD2rshCFRy7zOzHjCU4_xR5RgUquRJUgNOeecJAfJDJovQ90g@mail.gmail.com>

Both versions of the API just say that defaultURL/destinationURL is a
DOMString. There is no mention of validating it or that it must be a valid
URL. Should we add such language?

It should be easy enough for the UA to validate the URLs before passing
them to the client, and then the application doesn't need to worry about
it. This also prevents this field from being abused for other purposes. The
only downside I can think of is that invalid URLs would not be passed to
the app, and it would have no indication that a URL was provided.

David

Received on Friday, 7 December 2012 19:02:08 UTC