W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > August 2011

[Bug 13032] "allow-plugins" option for iframe sandbox attribute

From: <bugzilla@jessica.w3.org>
Date: Thu, 04 Aug 2011 17:02:17 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1Qp1JJ-000884-2F@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13032

--- Comment #11 from Aryeh Gregor <ayg@aryeh.name> 2011-08-04 17:02:15 UTC ---
If the attacker can get the user to install a malicious plugin, they can run
arbitrary code already.  As long as that's the case, it doesn't hurt anything
extra that the plugin also breaks out of sandboxes.  If the plugin is some
special type of restricted plugin that can't run arbitrary code and can only
communicate with the browser and system through well-defined APIs, then those
APIs could be designed such that it's not able to break out of sandboxes
either.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Thursday, 4 August 2011 17:02:18 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 16:31:16 UTC