--- a/encrypted-media/encrypted-media.html Mon Sep 16 22:09:35 2013 -0700
+++ b/encrypted-media/encrypted-media.html Mon Sep 16 22:20:40 2013 -0700
@@ -260,7 +260,7 @@
<h4 id="cross-origin-support">1.2.5. Cross Origin Support</h4>
<p>During playback, embedded media data is exposed to script in the embedding origin. In order for the API to fire <code><a href="#dom-needkey">needkey</a></code>
- and <code><a href="#dom-keymessage">keymessage</a></code> events, <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> needs to be <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a> with the embedding page.
+ and <code><a href="#dom-keymessage">keymessage</a></code> events, <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> must be <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a> with the embedding page.
If <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> is cross-origin with the embedding document, authors should use the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#attr-media-crossorigin">crossorigin</a> attribute
on the <a href="#media-element">media element</a> and CORS headers on the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> response to make it <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a>.
</p>
@@ -945,7 +945,7 @@
</dl>
<p class="non-normative">Note: Not all decryption problems (i.e. using the wrong key) will result in a decryption failure. In such cases, no error is fired here but one may be fired during decode.</p>
</dd>
- <dt>If there is an event handler for <code><a href="#dom-needkey">needkey</a></code> and the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> is <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a>
+ <dt>If there is an event handler for <code><a href="#dom-needkey">needkey</a></code>
</dt>
<dd>
<p>Take no action.</p>
--- a/encrypted-media/encrypted-media.xml Mon Sep 16 22:09:35 2013 -0700
+++ b/encrypted-media/encrypted-media.xml Mon Sep 16 22:20:40 2013 -0700
@@ -256,7 +256,7 @@
<h4 id="cross-origin-support">1.2.5. Cross Origin Support</h4>
<p>During playback, embedded media data is exposed to script in the embedding origin. In order for the API to fire <coderef>needkey</coderef>
- and <coderef>keymessage</coderef> events, <videoanchor name="media-data">media data</videoanchor> needs to be <cors-same-origin/> with the embedding page.
+ and <coderef>keymessage</coderef> events, <videoanchor name="media-data">media data</videoanchor> must be <cors-same-origin/> with the embedding page.
If <videoanchor name="media-data">media data</videoanchor> is cross-origin with the embedding document, authors should use the <videoanchor name="attr-media-crossorigin">crossorigin</videoanchor> attribute
on the <a href="#media-element">media element</a> and CORS headers on the <videoanchor name="media-data">media data</videoanchor> response to make it <cors-same-origin/>.
</p>
@@ -888,7 +888,7 @@
</dl>
<p class="non-normative">Note: Not all decryption problems (i.e. using the wrong key) will result in a decryption failure. In such cases, no error is fired here but one may be fired during decode.</p>
</dd>
- <dt>If there is an event handler for <coderef>needkey</coderef> and the <videoanchor name="media-data">media data</videoanchor> is <cors-same-origin/></dt>
+ <dt>If there is an event handler for <coderef>needkey</coderef></dt>
<dd>
<p>Take no action.</p>
<p class="non-normative">The <a href="#media-element">media element</a> is said to be <videoref name="potentially-playing">potentially playing</videoref>