W3C home > Mailing lists > Public > public-html@w3.org > January 2010

Re: Disallow plug-ins in text/html-sandboxed? (was: Re: text/sandboxed-html)

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 13 Jan 2010 13:39:24 -0800
Message-ID: <7789133a1001131339o40a7a174u7ea0adcf6e469838@mail.gmail.com>
To: Leonard Rosenthol <lrosenth@adobe.com>
Cc: Maciej Stachowiak <mjs@apple.com>, Ian Hickson <ian@hixie.ch>, "public-html@w3.org" <public-html@w3.org>
On Wed, Jan 13, 2010 at 12:33 PM, Leonard Rosenthol <lrosenth@adobe.com> wrote:
>>Of course, once we have an API for plug-ins to understand these
>>security restrictions, we can lift the prohibition in case (2) for
>>plug-ins that understand the security model.
>
> Why only case #2 and not 1 as well?  As long as the plugins are able to declare their ability to participate in a sandboxed environment - why does it matter whether how that is defined?
>
> It seems to me that the model for sandboxing needs to be consistent (in all aspects) regardless of how you specify it...

I actually had a sentence in that email about doing the same thing in
case (1), but I decided it was redundant with the other thread.  We
definitely should make the two cases consistent.

Adam
Received on Wednesday, 13 January 2010 21:40:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:57 GMT