[Bug 9851] Allow plugins in @sandbox via "allow-plugins" option


Ian 'Hixie' Hickson <ian@hixie.ch> changed:

           What    |Removed                     |Added
             Status|REOPENED                    |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #3 from Ian 'Hixie' Hickson <ian@hixie.ch> 2010-11-05 01:05:17 UTC ---
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are
satisfied with this response, please change the state of this bug to CLOSED. If
you have additional information and would like the editor to reconsider, please
reopen this bug. If you would like to escalate the issue to the full HTML
Working Group, please add the TrackerRequest keyword to this bug, and suggest
title and text for the tracker issue; or you may create a tracker issue
yourself, if you are able to do so. For more details, see this document:

Status: Rejected
Change Description: no spec change
Rationale: Allowing plugins that don't respect the sandbox is as pointless as
enabling scripts and same-origin at the same time. The latter is only possible
because you can enable scripts separate from enabling same-origin. However,
there's no time that enabling unsafe plugins makes sense in a sandbox. You
might as well just not have the sandbox.

If plugins _were_ sandbox-aware, you might _still_ want to disable them, for
the same reason you might want to disable scripts (i.e. because you don't want
any active content). That's why it might make sense to add this once plugins
are sandbox aware.

Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Friday, 5 November 2010 01:05:19 UTC