W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2006

[whatwg] Content Restrictions

From: Gervase Markham <gerv@mozilla.org>
Date: Mon, 30 Jan 2006 12:49:29 +0000
Message-ID: <43DE0B59.8060906@mozilla.org>
Ian Hickson wrote:
> My first impression is that it is far too complex and over-engineered.

OK... What do you think the requirements are for a solution to this
problem? I tried to make my types of restrictions match up with common
use cases, but I may well have picked the wrong ones.

> The problem with security is that people don't understand the issues. We 
> don't want to give authors too fine-grained control, because most authors 
> will get it wrong, but be lulled into a false sense of security because 
> they are "using Content Restrictions".

OK; but if your control is too coarse-grained, then people who want to
permit just a little bit of scripting are forced to not have any
restrictions at all.

> Still, I'm glad someone is looking at this stuff. It's important. You may 
> be interested (once the archives are back up, or using the other archive 
> site) in looking at the recent discussion on sandboxing in HTML5.

I found a four-message thread:
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2005-December/005294.html
The ideas proposed there are interesting but have the problem I outlined
in my original message of being capabilities rather than restrictions.

Has there been any more discussion you know of?

Gerv
Received on Monday, 30 January 2006 04:49:29 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:25 UTC