W3C home > Mailing lists > Public > public-html@w3.org > January 2010

Re: What defines a "plugin"? WRT sandboxing?

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 25 Jan 2010 15:19:16 +0100
Message-ID: <4B5DA864.9040100@gmx.de>
To: Leonard Rosenthol <lrosenth@adobe.com>
CC: Adam Barth <w3c@adambarth.com>, Maciej Stachowiak <mjs@apple.com>, "public-html@w3.org" <public-html@w3.org>
Leonard Rosenthol wrote:
> BUT a browser/UA is allowed to instantiate AY content that it believes complies with the provided security model, correct?
> 
> So Safari, if it believes that their built-in PDF support is "sandbox safe" could display such document on the Mac even though on Windows the same browser would not do so.   OR for that matter, what about a UA which relies on a plugin for SVG?  Are they to not allow embedded SVG in a sandbox simply because they have to use a plugin to implement it?
> 
> My point isn't to try to avoid the sandbox - I fully support the idea.  HOWEVER, I believe that "plugins" are being singled out inappropriately and that the correct solution is a more well thought out definition of what exactly we are trying to achieve.
> 
> Leonard
> ...

Looking into this I just realized that, to begin with, we may have to 
fix the definition of plugin. It used to be non-critical, but now it's 
referred to for iframe/@sandbox it is.

 From <http://dev.w3.org/html5/spec/Overview.html#plugins>:

"The term plugin is used to mean any content handler for Web content 
types that are either not supported by the user agent natively or that 
do not expose a DOM, which supports rendering the content as part of the 
user agent's interface."

- "Web content type" appears to be undefined. Is it just a media type?

- "do not expose a DOM": that seems to the content handler for JPGs a 
plugin, right?

Best regards, Julian
Received on Monday, 25 January 2010 14:19:56 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:13 UTC