Re: What defines a "plugin"? WRT sandboxing?

From: Maciej Stachowiak <mjs@apple.com>
Date: Sun, 24 Jan 2010 09:31:05 -0800
Cc: Leonard Rosenthol <lrosenth@adobe.com>, "public-html@w3.org" <public-html@w3.org>
Message-id: <6BF629B2-75DF-430E-8D72-C971FCC5B4D6@apple.com>
To: "Tab Atkins Jr." <jackalmage@gmail.com>

On Jan 24, 2010, at 9:18 AM, Tab Atkins Jr. wrote:

> On Sun, Jan 24, 2010 at 11:02 AM, Maciej Stachowiak <mjs@apple.com> wrote:
>> I think the bottom line is for any given piece of code, can you verify that
>> it enforces the sandbox constraints?
> 
> It's possible that different UAs have different verification
> abilities.  Would this cause any problems?  The definition of "plugin"
> you've stated for this purpose should suffice to prevent security
> issues even if different UAs react to various plugins differently, but
> there's still the matter of author expectations.

It would be hard to make a hard statement about what should be allowed or not. Consider PDF. Safari allows you to do <img src="foo.pdf">. Most other browsers don't. Should that be banned in sandboxed mode? Does that mean HTML5 needs to have a whitelist of image formats allowed in sandboxed mode? That would be odd, since it doesn't have a list of allowed image formats otherwise (not even a minimum requirement). I also note that Safari's support for PDF (and TIFF) images in non-sandboxed mode does not seem to have confused author expectations.

Regards,
Maciej
Received on Sunday, 24 January 2010 17:31:39 UTC