W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > June 2010

[Bug 9851] New: Allow plugins in @sandbox via "allow-plugins" option

From: <bugzilla@jessica.w3.org>
Date: Fri, 04 Jun 2010 14:12:39 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-9851-2486@http.www.w3.org/Bugs/Public/>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=9851

           Summary: Allow plugins in @sandbox via "allow-plugins" option
           Product: HTML WG
           Version: unspecified
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: arturadib@gmail.com
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html@w3.org


The white-list option "allow-plugins" for sandboxed iframes has been discussed
before:

http://lists.w3.org/Archives/Public/public-html/2010Jan/0675.html

The option was dismissed on grounds that: (a) plugin APIs are not currently
compliant with @sandbox restrictions, and (b) it's not clear authors want this
option to go with iframes.

The ensuing discussion in the thread focused on how to address (a), which I
suppose was considered a pre-condition for the option.

I have revived the discussion on the "allow-plugins" option after working with
a concrete application that is being crippled by the lack of plugin support,
arguing that the option is useful even if plugin APIs are not yet
@sandbox-compliant:

http://lists.w3.org/Archives/Public/public-html/2010Jun/0047.html

Additional concerns were raised related to (a), but it was also agreed that the
allow-plugins option and plugin API compliance can make progress in
independently:

http://lists.w3.org/Archives/Public/public-html/2010Jun/0059.html
http://lists.w3.org/Archives/Public/public-html/2010Jun/0060.html
http://lists.w3.org/Archives/Public/public-html/2010Jun/0068.html

Since the present HTML5 specs already specify a "sandboxed plugins browsing
context flag", it's a simple matter of allowing the flag to be manipulated with
a white-list option.  (Perhaps a temporary warning in the specs can be added to
alert authors of possible lack of plugin API compliance).

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Friday, 4 June 2010 14:12:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 4 June 2010 14:12:44 GMT