Fix #363: setServerCertificate() should sanitize the input before providing it to the CDM (#402)

ddorwin · web-flow · commit 99c90ddbabd2 · 2017-06-05T16:01:19.000-07:00
diff --git a/encrypted-media-respec.html b/encrypted-media-respec.html
@@ -1495,7 +1495,14 @@ <h2><a>MediaKeys</a> Interface</h2>
             <li><p>Let <var>promise</var> be a new promise.</p></li>
             <li><p>Run the following steps in parallel:</p>
               <ol>
-                <li><p>Use this object's <var>cdm instance</var> to process <var>certificate</var>.</p></li>
+                <li><p>Let <var>sanitized certificate</var> be a validated and/or sanitized version of <var>certificate</var>.</p>
+                  <p class="note">The user agent should thoroughly validate the certificate before passing it to the CDM.
+                    This may include verifying values are within reasonable limits, stripping irrelevant data or fields, pre-parsing it, sanitizing it, and/or generating a fully sanitized version.
+                    The user agent should check that the length and values of fields are reasonable.
+                    Unknown fields should be rejected or removed.
+                  </p>
+                </li>
+                <li><p>Use this object's <var>cdm instance</var> to process <var>sanitized certificate</var>.</p></li>
                 <li><p>If the preceding step failed, resolve <var>promise</var> with <a def-id="new-domexception-named"></a> <a def-id="appropriate-error-name"></a>.</p></li>
                 <li><p>Resolve <var>promise</var> with <code>true</code>.</p></li>
               </ol>
