Element leaks

Some HTML Elements might be used to leak a portion of data to a cross-origin page. For example, the below media resources can leak information about its size, duration, type.

• HTMLMediaElement leaks the media duration and the buffered times. Run demo
• HTMLVideoElement leaks the videoHeight and videoWidth some browsers may also have webkitVideoDecodedByteCount, webkitAudioDecodedByteCount and webkitDecodedFrameCount
• getVideoPlaybackQuality() leaks the totalVideoFrames.
• HTMLImageElement leaks the height and width but if the image is invalid they will be 0 and image.decode() will get rejected. Run demo

It’s possible to differentiate between media types via unique property for a given media type. For example, it is videoWidth for a <video>, or duration for an <audio>. The below snippet shows an example code that returns the type of a resource.