
RE: Disallow plug-ins in text/html-sandboxed? (was: Re: text/sandboxed-html)

From: Leonard Rosenthol <lrosenth@adobe.com>
Date: Sun, 24 Jan 2010 05:37:48 -0800
To: Maciej Stachowiak <mjs@apple.com>, Adam Barth <w3c@adambarth.com>
CC: Ian Hickson <ian@hixie.ch>, "public-html@w3.org" <public-html@w3.org>
Message-ID: <D23D6B9E57D654429A9AB6918CACEAA97CA341715F@NAMBX02.corp.adobe.com>
The problem here is that unlike the other method (@sandbox), where the page author has control over what things are sandboxed and what are not - there is no such control when using a mimetype :(. That means that a renegade server (or proxy or ...) could simply swap out mimetypes and block a user's access to required content (exposed via plugins).

I don't consider that acceptable and would prefer to see it remain as it does, that plugins can also run in this mode _OR_ that all "sandboxable content" (scripts, etc.) also get turned off.  Be consistent.

Leonard

-----Original Message-----
From: public-html-request@w3.org [mailto:public-html-request@w3.org] On Behalf Of Maciej Stachowiak
Sent: Wednesday, January 20, 2010 3:15 AM
To: Adam Barth
Cc: Ian Hickson; public-html@w3.org
Subject: Re: Disallow plug-ins in text/html-sandboxed? (was: Re: text/sandboxed-html)


On Jan 19, 2010, at 5:52 PM, Adam Barth wrote:

> 
> Consider the case of Google Gears.  Gears provides access to databases
> based on the origin of the embedding page.  Unfortunately, Gears
> doesn't understand text/html-sandboxed and so would grant the
> sandboxed content access to the origin's databases.

It seems like, in this case, if plugins are blocked, then you can't use a redirect to circumvent the protection. Likewise if Flash has similar vulnerabilities (I suspect it does).

Regards,
Maciej
Received on Sunday, 24 January 2010 13:38:29 UTC
