[EME] Data passed to the CDM must not contain executable code.
--- a/encrypted-media/encrypted-media-respec.html Tue Oct 21 10:15:09 2014 -0700
+++ b/encrypted-media/encrypted-media-respec.html Tue Oct 21 10:22:23 2014 -0700
@@ -155,7 +155,9 @@
<p class="note">For example, an initialization, provisioning, or individualization process for a client device that involves communicating with a server hosted by the user agent or CDM vendor and does not contain application- or origin-specific information MUST be performed by the user agent without involving the application.
The same applies to reinitialization, reprovisioning, or reindividualization.
</p>
- <p>For implementations that support per-origin initialization, such messages MUST be passed to the application via the APIs.</p>
+ <p>For implementations that support per-origin initialization, such messages MUST be passed to the application via the APIs.
+ As with all other uses of the APIs, responses passed to the CDM MUST NOT contain executable code.
+ </p>
</dd>
<dt id="key-system">Key System</dt>
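Review bot: The added sentence "As with all other uses of the APIs, responses passed to the CDM MUST NOT contain executable code." leans on a general rule that this paragraph never states, and "executable code" is left undefined. Since this paragraph only covers per-origin initialization messages, consider stating the requirement once as a defined term, saying whether scripts, bytecode or other interpreted content count. This sentence and the per-parameter sentences later in the patch could then link to that definition.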
@@ -258,7 +260,7 @@
<p>Initialization Data MUST be a fixed value for a given set of stream(s) or <a def-id="media-data"></a>.
It MUST only contain information related to the keys required to play a given set of stream(s) or <a def-id="media-data"></a>.
- It MUST NOT contain application data, client-specific data, user-specific data, or <a href="#decryption-key">key(s)</a>.
+ It MUST NOT contain application data, client-specific data, user-specific data, <a href="#decryption-key">key(s)</a>, or executable code.
</p>
<p>Initialization Data SHOULD NOT contain Key System-specific data or values.
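Review bot: In the rewritten "It MUST NOT contain ..." sentence, "executable code" is appended to a list of data categories (application, client-specific, user-specific, keys), whereas the other places touched by this patch use a standalone sentence, "It MUST NOT contain executable code." The preceding sentence already limits Initialization Data to information related to the keys, so a separate sentence with the same wording as the other hunks would make the new requirement easier to spot and keep the phrasing uniform across the spec.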
@@ -556,6 +558,7 @@
<dd>
The server certificate.
The contents are <a def-id="keysystem"></a>-specific.
+ It MUST NOT contain executable code.
</dd>
</dl>
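Review bot: The antecedent of "It" in the added "It MUST NOT contain executable code." is unclear, because the sentence directly before it has "The contents" as its subject and the one before that is the fragment "The server certificate." Suggest "The contents MUST NOT contain executable code." or naming the parameter explicitly, so the requirement cannot be read as applying to something other than the certificate bytes.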
@@ -841,7 +844,6 @@
<li><p>Return <var>promise</var>.</p></li>
</ol>
</dd>
-
<dt>Promise<void> update()</dt>
<dd>
<p>Provides messages, including licenses, to the CDM.</p>
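Review bot: The only change in this hunk is the removal of the blank line before the update() <dt>, which is unrelated to the executable-code requirement named in the commit subject. Consider dropping it or moving it to a separate cleanup commit so the normative changes are easier to audit.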
@@ -851,6 +853,7 @@
<dd>
A message to be provided to the CDM.
The contents are <a def-id="keysystem"></a>-specific.
+ It MUST NOT contain executable code.
</dd>
</dl>
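Review bot: The added "It MUST NOT contain executable code." in this parameter description does not say which party it binds, and because the preceding line says the contents are Key System-specific, it is unclear how conformance would be checked. The same sentence is added to the server certificate description earlier in the patch. Suggest saying who is responsible for the constraint and pointing both parameter descriptions at a single shared statement, rather than repeating the sentence.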