[EME] Explicitly disallow abuse of initData.
--- a/encrypted-media/encrypted-media-respec.html Fri Oct 17 09:43:04 2014 -0700
+++ b/encrypted-media/encrypted-media-respec.html Fri Oct 17 10:23:02 2014 -0700
@@ -253,6 +253,11 @@
The Encrypted Media Extensions Stream Format and Initialization Data Format Registry [[EME-REGISTRY]]
provides the mapping from initialization data type string to the specification for each format.
</p>
+
+ <p>Initialization Data MUST be a fixed value for a given set of stream(s) or <a def-id="media-data"></a>.
+ It MUST only contain information related to the keys required to play a given set of stream(s) or <a def-id="media-data"></a>.
+ It MUST NOT contain application data, client-specific data, user-specific data, or <a href="#decryption-key">key(s)</a>.
+ </p>
</dd>
<dt id="cross-origin">Cross Origin Limitations</dt>
--- a/encrypted-media/encrypted-media.html Fri Oct 17 09:43:04 2014 -0700
+++ b/encrypted-media/encrypted-media.html Fri Oct 17 10:23:02 2014 -0700
@@ -445,7 +445,7 @@
</p>
<h1 class="title p-name" id="title" property="dcterms:title">Encrypted Media Extensions</h1>
- <h2 property="dcterms:issued" datatype="xsd:dateTime" content="2014-10-17T17:17:51.000Z" id="w3c-editor-s-draft-17-october-2014"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2014-10-17">17 October 2014</time></h2>
+ <h2 property="dcterms:issued" datatype="xsd:dateTime" content="2014-10-17T17:22:34.000Z" id="w3c-editor-s-draft-17-october-2014"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2014-10-17">17 October 2014</time></h2>
<dl>
<dt>This version:</dt>
@@ -734,6 +734,11 @@
The Encrypted Media Extensions Stream Format and Initialization Data Format Registry [<cite><a class="bibref" href="#bib-EME-REGISTRY">EME-REGISTRY</a></cite>]
provides the mapping from initialization data type string to the specification for each format.
</p>
+
+ <p>Initialization Data <em class="rfc2119" title="MUST">MUST</em> be a fixed value for a given set of stream(s) or <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.
+ It <em class="rfc2119" title="MUST">MUST</em> only contain information related to the keys required to play a given set of stream(s) or <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.
+ It <em class="rfc2119" title="MUST NOT">MUST NOT</em> contain application data, client-specific data, user-specific data, or <a href="#decryption-key">key(s)</a>.
+ </p>
</dd>
<dt id="cross-origin">Cross Origin Limitations</dt>