[EME] Bug 26838 - Validate and/or sanitize initData before passing it to the CDM.
--- a/encrypted-media/encrypted-media.html Fri Sep 19 15:11:51 2014 -0700
+++ b/encrypted-media/encrypted-media.html Fri Sep 19 16:05:51 2014 -0700
@@ -558,13 +558,23 @@
<li>
<p>Run the following steps asynchronously:</p>
<ol>
+ <li><p>If the <var>init data</var> is not valid for <var title="true">initDataType</var>, reject <var>promise</var> with a new <code><a href="http://www.w3.org/TR/dom/#exception-domexception">DOMException</a></code> whose name is <code><a href="#dfn-InvalidAccessError">"InvalidAccessError"</a></code>.</p></li>
+ <li>
+<p>Let <var>sanitized init data</var> be a validated and/or sanitized version of <var>init data</var>.</p>
+ <div class="note">The user agent should thoroughly validate the Initialization Data before passing it to the CDM.
+ This may include verifying values are within reasonable limits, stripping irrelevant data or fields, pre-parsing it, sanitizing it, and/or generating a fully sanitized version.
+ The user agent should check that the length and values of fields are reasonable.
+ Unknown fields should be rejected or removed.
+ For Initialization Data formats that support multiple entries, the user agent should remove entries that are not needed by the CDM.
+ </div>
+ </li>
+ <li><p>If the previous step failed, reject <var>promise</var> with a new <code><a href="http://www.w3.org/TR/dom/#exception-domexception">DOMException</a></code> whose name is <code><a href="#dfn-InvalidAccessError">"InvalidAccessError"</a></code>.</p></li>
<li><p>Let <var title="true">session id</var> be the empty string.</p></li>
<li><p>Let <var title="true">message</var> be null.</p></li>
<li><p>Let <var title="true">cdm</var> be the CDM loaded during the <a href="#dom-create">initialization</a> of <var title="true">media keys</var>.</p></li>
<li>
<p>Use the <var title="true">cdm</var> to execute the following steps:</p>
<ol>
- <li><p>If the <var>init data</var> is not valid for <var title="true">initDataType</var>, reject <var>promise</var> with a new <code><a href="http://www.w3.org/TR/dom/#exception-domexception">DOMException</a></code> whose name is <code><a href="#dfn-InvalidAccessError">"InvalidAccessError"</a></code>.</p></li>
<li><p>If the <var>init data</var> is not supported by the <var title="true">cdm</var>, reject <var>promise</var> with a new <code><a href="http://www.w3.org/TR/dom/#exception-domexception">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">"NotSupportedError"</a></code>.</p></li>
<li>
<p>Follow the steps for the first matching condition from the following list:</p>
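Review bot: the new <var>sanitized init data</var> variable is defined in the inserted step but never used afterwards; the remaining CDM step in this hunk still reads "If the <var>init data</var> is not supported by the <var title="true">cdm</var>", so the unsanitized data is still what reaches the CDM, which is the very thing the bug title asks to prevent. Suggest changing that step (and any later step that hands the data to the CDM) to reference <var>sanitized init data</var>, e.g. "If the <var>sanitized init data</var> is not supported by the <var title="true">cdm</var>, reject <var>promise</var> ...". Also consider folding the first inserted step into the sanitization step, since "If the previous step failed" already covers validation failures with the same "InvalidAccessError", and "validated and/or sanitized" leaves it unclear whether a user agent that does neither is conforming.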
--- a/encrypted-media/encrypted-media.xml Fri Sep 19 15:11:51 2014 -0700
+++ b/encrypted-media/encrypted-media.xml Fri Sep 19 16:05:51 2014 -0700
@@ -537,12 +537,21 @@
<li><p>Let <var>promise</var> be a new promise.</p></li>
<li><p>Run the following steps asynchronously:</p>
<ol>
+ <li><p>If the <var>init data</var> is not valid for <var title="true">initDataType</var>, reject <var>promise</var> with a new <code><dom4ref name="exception-domexception">DOMException</dom4ref></code> whose name is <code><a href="#dfn-InvalidAccessError">"InvalidAccessError"</a></code>.</p></li>
+ <li><p>Let <var>sanitized init data</var> be a validated and/or sanitized version of <var>init data</var>.</p>
+ <div class="note">The user agent should thoroughly validate the Initialization Data before passing it to the CDM.
+ This may include verifying values are within reasonable limits, stripping irrelevant data or fields, pre-parsing it, sanitizing it, and/or generating a fully sanitized version.
+ The user agent should check that the length and values of fields are reasonable.
+ Unknown fields should be rejected or removed.
+ For Initialization Data formats that support multiple entries, the user agent should remove entries that are not needed by the CDM.
+ </div>
+ </li>
+ <li><p>If the previous step failed, reject <var>promise</var> with a new <code><dom4ref name="exception-domexception">DOMException</dom4ref></code> whose name is <code><a href="#dfn-InvalidAccessError">"InvalidAccessError"</a></code>.</p></li>
<li><p>Let <var title="true">session id</var> be the empty string.</p></li>
<li><p>Let <var title="true">message</var> be null.</p></li>
<li><p>Let <var title="true">cdm</var> be the CDM loaded during the <a href="#dom-create">initialization</a> of <var title="true">media keys</var>.</p></li>
<li><p>Use the <var title="true">cdm</var> to execute the following steps:</p>
<ol>
- <li><p>If the <var>init data</var> is not valid for <var title="true">initDataType</var>, reject <var>promise</var> with a new <code><dom4ref name="exception-domexception">DOMException</dom4ref></code> whose name is <code><a href="#dfn-InvalidAccessError">"InvalidAccessError"</a></code>.</p></li>
<li><p>If the <var>init data</var> is not supported by the <var title="true">cdm</var>, reject <var>promise</var> with a new <code><dom4ref name="exception-domexception">DOMException</dom4ref></code> whose name is <code><a href="#dfn-NotSupportedError">"NotSupportedError"</a></code>.</p></li>
<li><p>Follow the steps for the first matching condition from the following list:</p>
<dl class="switch">
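Review bot: same issue as the HTML hunk applies here, and the note text leaves the failure condition ambiguous: "Unknown fields should be rejected or removed" and "remove entries that are not needed by the CDM" describe two different outcomes (reject the whole request versus continue with a stripped copy), but the following normative step only says "If the previous step failed". Suggest stating in the step itself which conditions constitute failure (for example, malformed or over-length fields fail; unneeded entries are dropped and processing continues), and keeping the non-normative note as guidance only. The XML hunk should also be updated in step with the HTML so that the later "not supported by the <var title="true">cdm</var>" step refers to <var>sanitized init data</var> in both files.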