Reported by djharpe...@gmail.com, Jul 6
blog about this - https://djhworld.github.io/post/2018/08/12/i-thought-i-found-a-browser-security-bug/ and corresponding mozilla bug - https://bugzilla.mozilla.org/show_bug.cgi?id=1473833
> we don't constrain it based the the extension of the resource file (i.e. '.webm') That's understandable, but assuming I'm understanding this issue correctly, isn't the problem that Chrome is ignoring the explicitly specified `type="video/webm"` attribute on the embed tag? That's more than just a file extension.
Yes, there is a case for that. A discussion was started on the HTML standard and it looks like the spec will be patched. I expect we will implement that change.
Sign in to add a comment