This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Specification: https://html.spec.whatwg.org/ Multipage: https://html.spec.whatwg.org/multipage/#loading-the-media-resource Complete: https://html.spec.whatwg.org/#loading-the-media-resource Referrer: Comment: Should audio and video tracks be exposed cross-origin? Posted from: 14.162.108.112 User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36 OPR/27.0.1689.66
In-band text tracks are not exposed cross-origin, with this spec note: "Cross-origin videos do not expose their subtitles, since that would allow attacks such as hostile sites reading subtitles from confidential videos on a user's intranet" The same is not true for in-band audio and video tracks. Is this an oversight or per design? The *Track objects expose a bunch of metadata...
Yeah I guess the id/kind/label/language metadata should be blocked.
https://github.com/whatwg/html/issues/1735