- From: <bugzilla@jessica.w3.org>
- Date: Thu, 04 Aug 2011 15:59:15 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13032 --- Comment #10 from Jacob Rossi [MSFT] <jrossi@microsoft.com> 2011-08-04 15:59:14 UTC --- (In reply to comment #7) > (In reply to comment #6) > > Agreed. > > > > What I do think we should do is to make it clear that plugins are allowed to > > run in the sandbox, as long as the browser is sure that it satisfies the > > restrictions put upon the sandbox. > > > > So for example if it was possible for the browser to tell Flash that it's not > > allowed to run script and not allowed to navigate any parent frames, and those > > are the only restrictions placed on a given sandbox, then the browser could run > > flash. > > Related to this: <https://wiki.mozilla.org/Plugins:SandboxedPlugins> Even with this kind of approach, I don't see how you can guarantee security. What stops an attacker from creating a plugin which claims support for sandboxing but doesn't in reality? -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Thursday, 4 August 2011 15:59:17 UTC