[EME] Bug 26838 - Make the specifics of initData validation normative.
authorDavid Dorwin <ddorwin@google.com>
Fri, 17 Oct 2014 12:21:26 -0700
changeset 478 7f45ba26e755
parent 477 c61aba661aa6
child 479 6cae6df4babd
[EME] Bug 26838 - Make the specifics of initData validation normative.
encrypted-media/encrypted-media-respec.html
encrypted-media/encrypted-media.html
--- a/encrypted-media/encrypted-media-respec.html	Fri Oct 17 11:57:49 2014 -0700
+++ b/encrypted-media/encrypted-media-respec.html	Fri Oct 17 12:21:26 2014 -0700
@@ -701,12 +701,11 @@
             <li><p>Run the following steps asynchronously:</p>
               <ol>
                 <li><p>If the <var>init data</var> is not valid for <var title="true">initDataType</var>, reject <var>promise</var> with <a def-id="new-domexception-named"></a> <a def-id="InvalidAccessError"></a>.</p></li>
-                <li><p>Let <var>sanitized init data</var> be a validated and/or sanitized version of <var>init data</var>.</p>
-                  <p class="note">The user agent should thoroughly validate the Initialization Data before passing it to the CDM.
-                    This may include verifying values are within reasonable limits, stripping irrelevant data or fields, pre-parsing it, sanitizing it, and/or generating a fully sanitized version.
-                    The user agent should check that the length and values of fields are reasonable.
-                    Unknown fields should be rejected or removed.
-                    For Initialization Data formats that support multiple entries, the user agent should remove entries that are not needed by the CDM.
+                <li><p>Let <var>sanitized init data</var> be a validated and sanitized version of <var>init data</var>.</p>
+                  <p>The user agent MUST thoroughly validate the <a def-id="initialization-data"></a> before passing it to the CDM.
+                    This includes verifying that the length and values of fields are reasonable, verifying that values are within reasonable limits, and stripping irrelevant, unsupported, or unknown data or fields.
+                    It is RECOMMENDED that user agents pre-parse, sanitize, and/or generate a fully sanitized version of the <a def-id="initialization-data"></a>.
+                    If the <a def-id="initialization-data"></a> format specified by <var title="true">initDataType</var> support multiple entries, the user agent SHOULD remove entries that are not needed by the CDM.
                   </p>
                 </li>
                 <li><p>If the previous step failed, reject <var>promise</var> with <a def-id="new-domexception-named"></a> <a def-id="InvalidAccessError"></a>.</p></li>
--- a/encrypted-media/encrypted-media.html	Fri Oct 17 11:57:49 2014 -0700
+++ b/encrypted-media/encrypted-media.html	Fri Oct 17 12:21:26 2014 -0700
@@ -445,7 +445,7 @@
   </p>
   <h1 class="title p-name" id="title" property="dcterms:title">Encrypted Media Extensions</h1>
   
-  <h2 property="dcterms:issued" datatype="xsd:dateTime" content="2014-10-17T18:49:57.000Z" id="w3c-editor-s-draft-17-october-2014"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2014-10-17">17 October 2014</time></h2>
+  <h2 property="dcterms:issued" datatype="xsd:dateTime" content="2014-10-17T19:16:27.000Z" id="w3c-editor-s-draft-17-october-2014"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2014-10-17">17 October 2014</time></h2>
   <dl>
     
       <dt>This version:</dt>
@@ -1089,13 +1089,12 @@
             <li><p>Run the following steps asynchronously:</p>
               <ol>
                 <li><p>If the <var>init data</var> is not valid for <var title="true">initDataType</var>, reject <var>promise</var> with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidAccessError">InvalidAccessError</a></code>.</p></li>
-                <li><p>Let <var>sanitized init data</var> be a validated and/or sanitized version of <var>init data</var>.</p>
-                  <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_15"><span>Note</span></div><p class="">The user agent should thoroughly validate the Initialization Data before passing it to the CDM.
-                    This may include verifying values are within reasonable limits, stripping irrelevant data or fields, pre-parsing it, sanitizing it, and/or generating a fully sanitized version.
-                    The user agent should check that the length and values of fields are reasonable.
-                    Unknown fields should be rejected or removed.
-                    For Initialization Data formats that support multiple entries, the user agent should remove entries that are not needed by the CDM.
-                  </p></div>
+                <li><p>Let <var>sanitized init data</var> be a validated and sanitized version of <var>init data</var>.</p>
+                  <p>The user agent <em class="rfc2119" title="MUST">MUST</em> thoroughly validate the <a href="#initialization-data">Initialization Data</a> before passing it to the CDM.
+                    This includes verifying that the length and values of fields are reasonable, verifying that values are within reasonable limits, and stripping irrelevant, unsupported, or unknown data or fields.
+                    It is <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> that user agents pre-parse, sanitize, and/or generate a fully sanitized version of the <a href="#initialization-data">Initialization Data</a>.
+                    If the <a href="#initialization-data">Initialization Data</a> format specified by <var title="true">initDataType</var> support multiple entries, the user agent <em class="rfc2119" title="SHOULD">SHOULD</em> remove entries that are not needed by the CDM.
+                  </p>
                 </li>
                 <li><p>If the previous step failed, reject <var>promise</var> with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidAccessError">InvalidAccessError</a></code>.</p></li>
                 <li><p>Let <var title="true">session id</var> be the empty string.</p></li>
@@ -1108,21 +1107,21 @@
                       <dl class="switch">
                         <dt>If <var title="true">session type</var> is <code><a href="#idl-def-SessionType.temporary">"temporary"</a></code></dt>
                         <dd>Let <var title="true">requested session type</var> be a temporary non-persisted session.<p></p>
-                          <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_16"><span>Note</span></div><p class="">The returned license must not be persistable.</p></div>
+                          <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_15"><span>Note</span></div><p class="">The returned license must not be persistable.</p></div>
                         </dd>
                         <dt>If <var title="true">session type</var> is <code><a href="#idl-def-SessionType.persistent">"persistent"</a></code></dt>
                         <dd>Let <var title="true">requested session type</var> be a persistable session.<p>
-                          </p><div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_17"><span>Note</span></div><p class="">The returned license may be persistable.</p></div>
+                          </p><div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_16"><span>Note</span></div><p class="">The returned license may be persistable.</p></div>
                         </dd>
                       </dl>
-                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_18"><span>Note</span></div><p class="">The license server determines the type of license that is returned, either persistent or non-persistent. A persistent license cannot be added to a non-persistable session.</p></div>
+                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_17"><span>Note</span></div><p class="">The license server determines the type of license that is returned, either persistent or non-persistent. A persistent license cannot be added to a non-persistable session.</p></div>
                     </li>
       
                     <li><p>Let <var title="true">session id</var> be a unique <a href="#session-id">Session Id</a> string.</p>
                       <p>If <var title="true">session type</var> is <code><a href="#idl-def-SessionType.persistent">"persistent"</a></code>, the ID <em class="rfc2119" title="MUST">MUST</em> be unique within the the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <a href="http://dom.spec.whatwg.org/#concept-document">Document</a> over time, including across Documents and browsing sessions.</p>
                     </li>
                     <li><p>Let <var title="true">message</var> be a request for the <var title="true">requested session type</var> generated based on the <var>init data</var>, which is interpreted per <var title="true">initDataType</var>.</p>
-                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_19"><span>Note</span></div><p class="">For example, a license request.</p></div>
+                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_18"><span>Note</span></div><p class="">For example, a license request.</p></div>
                       <p>The <var title="true">cdm</var> <em class="rfc2119" title="MUST NOT">MUST NOT</em> use any stream-specific data, including <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>, not provided via the <var>init data</var>.</p>
                       <p>The <var title="true">cdm</var> <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> store session data, including the session ID, at this point. See <a href="#session-storage">Session Storage and Persistence</a>.</p>
                     </li>
@@ -1175,7 +1174,7 @@
             <li><p>Run the following steps asynchronously:</p>
               <ol>
                 <li><p>Let <var>sanitized session ID</var> be a validated and/or sanitized version of <var title="true">sessionId</var>.</p>
-                  <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_20"><span>Note</span></div><p class="">The user agent should thoroughly validate the sessionId value before passing it to the CDM.
+                  <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_19"><span>Note</span></div><p class="">The user agent should thoroughly validate the sessionId value before passing it to the CDM.
                     At a minimum, this should include checking that the length and value (e.g. alphanumeric) are reasonable.
                   </p></div>
                 </li>
@@ -1191,7 +1190,7 @@
                     <li><p>Let <var title="true">session data</var> be the data stored for the <var>sanitized session ID</var> in the <var title="true">origin</var>.
                     This <em class="rfc2119" title="MUST NOT">MUST NOT</em> include data from other origin(s) or that is not associated with an origin.</p></li>
                     <li><p>If there is an unclosed <code><a href="#idl-def-SessionType.persistent">"persistent"</a></code> session in any <a href="http://dom.spec.whatwg.org/#concept-document">Document</a> representing the <var title="true">session data</var>, reject <var>promise</var> with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-QuotaExceededError">QuotaExceededError</a></code>.</p>
-                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_21"><span>Note</span></div><p class="">In other words, do not create a session if a non-closed persistent session already exists for this <var>sanitized session ID</var> in any browsing context.</p></div>
+                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_20"><span>Note</span></div><p class="">In other words, do not create a session if a non-closed persistent session already exists for this <var>sanitized session ID</var> in any browsing context.</p></div>
                     </li>
                     <li><p>Load the <var title="true">session data</var>.</p></li>
                     <li><p>If the <var title="true">session data</var> indicates an expiration time for the session, let <var title="true">expiration time</var> be the expiration time in milliseconds since 01 January 1970 UTC.</p></li>
@@ -1233,7 +1232,7 @@
                       <p>Process the remove request.</p>
                       <p>This <em class="rfc2119" title="MAY">MAY</em> involve exchanging message(s) with the application.</p>
                       <p>Unless this step fails, the CDM <em class="rfc2119" title="MUST">MUST</em> have cleared all stored session data associated with this object, including the <code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code>, before proceeding to the next step.</p>
-                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_22"><span>Note</span></div><p class="">A subsequent call to <code><a href="#widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId">load()</a></code> with the value <code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code> would fail because there is no data stored for that session ID.</p></div>
+                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_21"><span>Note</span></div><p class="">A subsequent call to <code><a href="#widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId">load()</a></code> with the value <code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code> would fail because there is no data stored for that session ID.</p></div>
                     </li>
                   </ol>
                 </li>
@@ -1249,7 +1248,7 @@
             <li><p>Return <var>promise</var>.</p></li>
           </ol></dd><dt id="widl-MediaKeySession-update-Promise-void--ArrayBuffer-ArrayBufferView-response"><code>update</code></dt><dd>
           <p>Provides messages, including licenses, to the CDM.</p>
-          <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_23"><span>Note</span></div><p class="">The contents of <var title="true">response</var> are <a href="#key-system">Key System</a>-specific.</p></div>
+          <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_22"><span>Note</span></div><p class="">The contents of <var title="true">response</var> are <a href="#key-system">Key System</a>-specific.</p></div>
       
           
         <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">response</td><td class="prmType"><code>(ArrayBuffer or ArrayBufferView)</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc"></td></tr></tbody></table><div><em>Return type: </em><code>Promise&lt;void&gt;</code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
@@ -1260,7 +1259,7 @@
             <li><p>Run the following steps asynchronously:</p>
               <ol>
                 <li><p>Let <var>sanitized response</var> be a validated and/or sanitized version of <var>response copy</var>.</p>
-                  <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_24"><span>Note</span></div><p class="">The user agent should thoroughly validate the response before passing it to the CDM.
+                  <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_23"><span>Note</span></div><p class="">The user agent should thoroughly validate the response before passing it to the CDM.
                     This may include verifying values are within reasonable limits, stripping irrelevant data or fields, pre-parsing it, sanitizing it, and/or generating a fully sanitized version.
                     The user agent should check that the length and values of fields are reasonable.
                     Unknown fields should be rejected or removed.
@@ -1285,10 +1284,10 @@
                         <dd>Reject <var>promise</var> with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidAccessError">InvalidAccessError</a></code>.</dd>
                       </dl>
                       <p>See also <a href="#session-storage">Session Storage and Persistence</a>.</p>
-                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_25"><span>Note</span></div><p class="">When <var>sanitized response</var> contains key(s) and/or related data, <var title="true">cdm</var> will likely cache the key and related data indexed by key ID.</p></div>
-                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_26"><span>Note</span></div><p class="">The replacement algorithm within a session is <a href="#key-system">Key System</a>-dependent.</p></div>
+                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_24"><span>Note</span></div><p class="">When <var>sanitized response</var> contains key(s) and/or related data, <var title="true">cdm</var> will likely cache the key and related data indexed by key ID.</p></div>
+                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_25"><span>Note</span></div><p class="">The replacement algorithm within a session is <a href="#key-system">Key System</a>-dependent.</p></div>
                       <p>Keys from different sessions <em class="rfc2119" title="SHOULD">SHOULD</em> be cached independently such that closing one session does not affect keys in other sessions, even if they have overlapping key IDs.</p>
-                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_27"><span>Note</span></div><p class="">It is <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> that CDM implementations support a standard and reasonably high minimum number of keys per <code><a href="#idl-def-MediaKeySession">MediaKeySession</a></code> object, including a standard replacement algorithm, and a standard and reasonably high minimum number of <code><a href="#idl-def-MediaKeySession">MediaKeySession</a></code> objects.
+                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_26"><span>Note</span></div><p class="">It is <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> that CDM implementations support a standard and reasonably high minimum number of keys per <code><a href="#idl-def-MediaKeySession">MediaKeySession</a></code> object, including a standard replacement algorithm, and a standard and reasonably high minimum number of <code><a href="#idl-def-MediaKeySession">MediaKeySession</a></code> objects.
                       This enables a reasonable number of key rotation algorithms to be implemented across user agents and may reduce the likelihood of playback interruptions in use cases that involve various streams in the same element (i.e. adaptive streams, various audio and video tracks) using different keys.
                       </p></div>
                     </li> 
@@ -1351,7 +1350,7 @@
       <section id="mediakeysession-events" class="informative" typeof="bibo:Chapter" resource="#mediakeysession-events" rel="bibo:Chapter">
         <h3 role="heading" id="h3_mediakeysession-events"><span class="secno">5.4 </span>Event Summary</h3><p><em>This section is non-normative.</em></p>
     
-        <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_28"><span>Note</span></div><p class="">In some implementations, <code><a href="#idl-def-MediaKeySession">MediaKeySession</a></code> objects may not fire any events until the <code><a href="#idl-def-MediaKeys">MediaKeys</a></code> object is associated with a media element using <code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys()</a></code>.</p></div>
+        <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_27"><span>Note</span></div><p class="">In some implementations, <code><a href="#idl-def-MediaKeySession">MediaKeySession</a></code> objects may not fire any events until the <code><a href="#idl-def-MediaKeys">MediaKeys</a></code> object is associated with a media element using <code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys()</a></code>.</p></div>
     
         <table class="old-table">
           <thead>
@@ -1410,7 +1409,7 @@
             <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-evt-keyschange">keyschange</a></code> at the <var title="true">session</var>.</p></li>
             <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to run the <a href="#algorithms-resume-playback">attempt to resume playback if necessary algorithm</a> on each of the media element(s) whose <code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code> attribute is the MediaKeys object that created the <var title="true">session</var>.</p>
               <p>The user agent <em class="rfc2119" title="MAY">MAY</em> choose to skip this step if it knows resuming will fail.</p>
-              <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_29"><span>Note</span></div><p class="">For example, the user agent may skip this step if no additional keys became available.</p></div>
+              <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_28"><span>Note</span></div><p class="">For example, the user agent may skip this step if no additional keys became available.</p></div>
             </li>
           </ol>
         </section>
@@ -1433,7 +1432,7 @@
         <section id="algorithms-session-close" typeof="bibo:Chapter" resource="#algorithms-session-close" rel="bibo:Chapter">
           <h4 role="heading" id="h4_algorithms-session-close"><span class="secno">5.5.4 </span>Session Close</h4>
           <p>The Session Close algorithm is run when the CDM closes the session associated with a <code><a href="#idl-def-MediaKeySession">MediaKeySession</a></code> object.</p>
-          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_30"><span>Note</span></div><p class="">The CDM may close a session at any point, such as in response to a <code><a href="#widl-MediaKeySession-close-Promise-void">close()</a></code> call, when the session is no longer needed, or when system resources are lost.
+          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_29"><span>Note</span></div><p class="">The CDM may close a session at any point, such as in response to a <code><a href="#widl-MediaKeySession-close-Promise-void">close()</a></code> call, when the session is no longer needed, or when system resources are lost.
           Keys in other sessions <em class="rfc2119" title="SHOULD">SHOULD</em> be unaffected, even if they have overlapping key IDs.
           </p></div>
           <p>The following steps are run:</p>
@@ -1520,7 +1519,7 @@
         <p>An application that creates a <code><a href="#idl-def-SessionType.persistent">"persistent"</a></code> session <em class="rfc2119" title="SHOULD">SHOULD</em> later remove the stored data using <code><a href="#widl-MediaKeySession-remove-Promise-void">remove()</a></code>.
           The CDM <em class="rfc2119" title="MAY">MAY</em> also remove sessions as appropriate, but applications <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> rely on this.
         </p>
-        <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_31"><span>Note</span></div><p class="">See the <a href="#security">Security Considerations</a> and <a href="#privacy">Privacy Considerations</a> sections for additional considerations when supporting persistent storage.</p></div>
+        <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_30"><span>Note</span></div><p class="">See the <a href="#security">Security Considerations</a> and <a href="#privacy">Privacy Considerations</a> sections for additional considerations when supporting persistent storage.</p></div>
       </section>
     </section>
 
@@ -1560,8 +1559,8 @@
       
           
           
-          <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_34"><span>Note</span></div><p class="">Support for clearing or replacing the associated <code><a href="#idl-def-MediaKeys">MediaKeys</a></code> object during playback is a quality of implementation issue. In many cases it will result in a bad user experience or rejected promise.</p></div>
-          <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_35"><span>Note</span></div><p class="">As a best practice, applications should create a MediaKeys object and call <code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys()</a></code> before providing <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> (for example, setting the <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#attr-media-src">src</a></code> attribute). This avoids potential delays in some implementations.</p></div>
+          <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_33"><span>Note</span></div><p class="">Support for clearing or replacing the associated <code><a href="#idl-def-MediaKeys">MediaKeys</a></code> object during playback is a quality of implementation issue. In many cases it will result in a bad user experience or rejected promise.</p></div>
+          <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_34"><span>Note</span></div><p class="">As a best practice, applications should create a MediaKeys object and call <code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys()</a></code> before providing <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> (for example, setting the <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#attr-media-src">src</a></code> attribute). This avoids potential delays in some implementations.</p></div>
         <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">mediaKeys</td><td class="prmType"><code><a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a></code></td><td class="prmNullTrue"><span role="img" aria-label="True">✔</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc"></td></tr></tbody></table><div><em>Return type: </em><code>Promise&lt;void&gt;</code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
             <!-- For simplicity and consistency, do not allow multiple pending calls. -->
             <li><p>If <var>mediaKeys</var> and the <code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code> attribute are the same object, return a resolved promise.</p></li>
@@ -1575,7 +1574,7 @@
                   <ol>
                     <li><p>If the user agent or CDM do not support removing the association, let this object's <var title="true">attaching media keys</var> value be false and reject <var>promise</var> with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>.</p></li>
                     <li><p>If the association cannot currently be removed, let this object's <var title="true">attaching media keys</var> value be false and reject <var>promise</var> with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidStateError">InvalidStateError</a></code>.</p>
-                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_32"><span>Note</span></div><p class="">For example, some implementations may not allow removal during playback.</p></div>
+                      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_31"><span>Note</span></div><p class="">For example, some implementations may not allow removal during playback.</p></div>
                     </li>
                     <li><p>Stop using the CDM instance represented by the <code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code> attribute to decrypt <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> and remove the association with the media element.</p></li>
                     <li><p>If the preceding step failed, let this object's <var title="true">attaching media keys</var> value be false and reject <var>promise</var> with a new <code><a href="http://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is the appropriate <a href="#error-names">error name</a>.</p></li>
@@ -1593,7 +1592,7 @@
                     </li>
                     <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to run the <a href="#algorithms-resume-playback">attempt to resume playback if necessary algorithm</a> on the media element.</p>
                       <p>The user agent <em class="rfc2119" title="MAY">MAY</em> choose to skip this step if it knows resuming will fail.</p><p>
-                      </p><div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_33"><span>Note</span></div><p class="">For example, the user agent may skip this step if <var>mediaKeys</var> has no sessions.</p></div>
+                      </p><div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_32"><span>Note</span></div><p class="">For example, the user agent may skip this step if <var>mediaKeys</var> has no sessions.</p></div>
                     </li>
                   </ol>
                 </li>
@@ -1653,7 +1652,7 @@
               <td><a href="#idl-def-MediaEncryptedEvent" class="idlType"><code>MediaEncryptedEvent</code></a></td>
               <td>The user agent encounters <a href="#initialization-data">Initialization Data</a> in the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.</td>
               <td><code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-readystate">readyState</a></code> is equal to <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-have_metadata">HAVE_METADATA</a></code> or greater.
-              <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_36"><span>Note</span></div><p class="">It is possible that the element is playing or has played.</p></div>
+              <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_35"><span>Note</span></div><p class="">It is possible that the element is playing or has played.</p></div>
               </td>
             </tr>
           </tbody>
@@ -1676,7 +1675,7 @@
                 <li><p>Let <var title="">initDataType</var> be the string representing the <a href="#initialization-data-type">Initialization Data Type</a> of the Initialization Data.</p></li>
                 <li><p>Let <var title="">initData</var> be the Initialization Data.</p></li>
               </ol>
-              <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_37"><span>Note</span></div><p class="">While the media element may allow loading of "Optionally-blockable Content" [<cite><a class="bibref" href="#bib-MIXED-CONTENT">MIXED-CONTENT</a></cite>], the user agent <em class="rfc2119" title="MUST NOT">MUST NOT</em> expose Initialization Data from such media data to the application.</p></div>
+              <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_36"><span>Note</span></div><p class="">While the media element may allow loading of "Optionally-blockable Content" [<cite><a class="bibref" href="#bib-MIXED-CONTENT">MIXED-CONTENT</a></cite>], the user agent <em class="rfc2119" title="MUST NOT">MUST NOT</em> expose Initialization Data from such media data to the application.</p></div>
             </li>
             <li>
               <p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-evt-encrypted">encrypted</a></code> at the media element.</p>
@@ -1685,8 +1684,8 @@
                 <code><a href="#widl-MediaEncryptedEventInit-initDataType">initDataType</a></code> = <var title="">initDataType</var><br><br>
                 <code><a href="#widl-MediaEncryptedEventInit-initData">initData</a></code> = <var title="">initData</var>
               </li></ul>
-              <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_38"><span>Note</span></div><p class=""><code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-readystate">readyState</a></code> is <em>not</em> changed and no algorithms are aborted. This event merely provides information.</p></div>
-              <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_39"><span>Note</span></div><p class="">The <code><a href="#widl-MediaEncryptedEventInit-initData">initData</a></code> attribute will be null if the media data is <em>not</em> <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a> or is <a href="#mixed-content">mixed content</a>.
+              <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_37"><span>Note</span></div><p class=""><code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-readystate">readyState</a></code> is <em>not</em> changed and no algorithms are aborted. This event merely provides information.</p></div>
+              <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_38"><span>Note</span></div><p class="">The <code><a href="#widl-MediaEncryptedEventInit-initData">initData</a></code> attribute will be null if the media data is <em>not</em> <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a> or is <a href="#mixed-content">mixed content</a>.
                 Applications may retrieve the Initialization Data from an alternate source.
               </p></div>
             </li>
@@ -1705,10 +1704,10 @@
                 <li><p>Let <var title="true">media keys</var> be the <code><a href="#idl-def-MediaKeys">MediaKeys</a></code> object referenced by that atribute.</p></li>
                 <li><p>Let <var title="true">cdm</var> be the CDM loaded during the <a href="#widl-MediaKeySystemAccess-createMediaKeys-Promise-MediaKeys">initialization</a> of the <var title="true">media keys</var>.</p></li>
                 <li><p>If there is at least one <code><a href="#idl-def-MediaKeySession">MediaKeySession</a></code> created by the <var title="true">media keys</var> on which the <a href="#algorithms-session-close">session close algorithm</a> has not been run, run the following steps:</p>
-                  <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_40"><span>Note</span></div><p class="">This check ensures the <var title="true">cdm</var> has finished loading and is a prequisite for a matching key being available.</p></div>
+                  <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_39"><span>Note</span></div><p class="">This check ensures the <var title="true">cdm</var> has finished loading and is a prequisite for a matching key being available.</p></div>
                   <ol>
                     <li><p>Let the <var title="true">block key ID</var> be the key ID of the current block.</p>
-                      <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_41"><span>Note</span></div><p class="">The key ID is generally specified by the container.</p></div>
+                      <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_40"><span>Note</span></div><p class="">The key ID is generally specified by the container.</p></div>
                     </li>
                     <li><p>Use the <var title="true">cdm</var> to execute the following steps:</p>
                       <ol>
@@ -1719,7 +1718,7 @@
                           <dd>Run the following steps:
                             <ol>
                               <li><p>Let <var title="">block key</var> be the matching key.</p>
-                                <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_42"><span>Note</span></div><p class="">If multiple sessions contain a <em>usable</em> key for the <var title="">block key ID</var>, which key to use is <a href="#key-system">Key System</a>-dependent.</p></div>
+                                <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_41"><span>Note</span></div><p class="">If multiple sessions contain a <em>usable</em> key for the <var title="">block key ID</var>, which key to use is <a href="#key-system">Key System</a>-dependent.</p></div>
                               </li>
                               <li><p>Use the <var title="true">cdm</var> to decrypt the block using <var title="">block key</var>.</p></li>
                               <li><p>Follow the steps for the first matching condition from the following list:</p>
@@ -1731,12 +1730,12 @@
                                     <ol>
                                       <li><p>If the <code><a href="#widl-HTMLMediaElement-waitingFor">waitingFor</a></code> attribute on the media element is <code><a href="#idl-def-MediaWaitingFor.key">"key"</a></code>, set the <code><a href="#widl-HTMLMediaElement-waitingFor">waitingFor</a></code> attribute on the media element to <code><a href="#idl-def-MediaWaitingFor.none">"none"</a></code>.</p></li>
                                       <li><p>Abort these steps and process the decrypted block as normal.</p>
-                                        <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_43"><span>Note</span></div><p class="">In other words, decode the block.</p></div>
+                                        <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_42"><span>Note</span></div><p class="">In other words, decode the block.</p></div>
                                       </li>
                                     </ol>
                                   </dd>
                                 </dl>
-                                <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_44"><span>Note</span></div><p class="">Not all decryption problems (i.e. using the wrong key) will result in a decryption failure. In such cases, no error is fired here but one may be fired during decode.</p></div>
+                                <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_43"><span>Note</span></div><p class="">Not all decryption problems (i.e. using the wrong key) will result in a decryption failure. In such cases, no error is fired here but one may be fired during decode.</p></div>
                               </li>
                             </ol>
                           </dd>
@@ -1745,7 +1744,7 @@
                             <div class="issue"><div class="issue-title" aria-level="3" role="heading" id="h_issue_7"><span>Issue 7</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=26372">Bug 26372</a> - It is TBD whether anything should happen in this case.</p></div>
                           </dd>
                           </dl>
-                          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_45"><span>Note</span></div><p class="">Otherwise, there is no key for the <var title="true">block key ID</var> in any session so continue.</p></div>
+                          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_44"><span>Note</span></div><p class="">Otherwise, there is no key for the <var title="true">block key ID</var> in any session so continue.</p></div>
                         </li>
                       </ol>
                     </li>
@@ -1755,7 +1754,7 @@
             </li>
             <li>
               <p>Run the following steps:</p>
-              <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_46"><span>Note</span></div><p class="">These steps are reached when there is no usable key for the block.</p></div>
+              <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_45"><span>Note</span></div><p class="">These steps are reached when there is no usable key for the block.</p></div>
               <ol>
                 <li><p>Run the <a href="#algorithms-queue-waiting">queue a "waiting" event algorithm</a> on the media element.</p></li>
                 <li><p>Wait for a signal to resume playback.</p></li>
@@ -1763,7 +1762,7 @@
             </li>
           </ol>
       
-          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_47"><span>Note</span></div><div class="">
+          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_46"><span>Note</span></div><div class="">
             <p>For frame-based encryption, this may be implemented as follows when the media element attempts to decode a frame as part of the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a>:</p>
             <ol>
               <li><p>Let <var title="">encrypted</var> be false.</p></li>
@@ -1844,7 +1843,7 @@
     <section id="common-key-systems" typeof="bibo:Chapter" resource="#common-key-systems" rel="bibo:Chapter">
       <!--OddPage--><h2 role="heading" id="h2_common-key-systems"><span class="secno">7. </span>Common Key Systems</h2>
       <p>All user agents <em class="rfc2119" title="MUST">MUST</em> support the common key systems described in this section.</p><p>
-      </p><div class="note"><div class="note-title" aria-level="1" role="heading" id="h_note_48"><span>Note</span></div><p class="">This ensures that there is a common baseline level of protection that is guaranteed to be supported in all user agents, including those that are entirely open source.
+      </p><div class="note"><div class="note-title" aria-level="1" role="heading" id="h_note_47"><span>Note</span></div><p class="">This ensures that there is a common baseline level of protection that is guaranteed to be supported in all user agents, including those that are entirely open source.
         Thus, content providers that need only basic protection can build simple applications that will work on all platforms without needing to work with any content protection providers.
       </p></div>