W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > June 2011

[Bug 13032] "allow-plugins" option for iframe sandbox attribute

From: <bugzilla@jessica.w3.org>
Date: Thu, 23 Jun 2011 20:54:11 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1QZquh-0005Mm-Ts@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13032

--- Comment #2 from Shane Corgatelli <shane@eznettools.com> 2011-06-23 20:54:11 UTC ---
The point is that the sandbox will still prevent the most common methods of
opening new windows/tabs. A rogue plugin could still do something malicious,
but as I mentioned, I'm working on a kiosk application where the plugins
installed can be controlled.

My use case is that I want to restrict creation of new windows/tabs, but I also
want to be able to render flash content. The only plugins installed on the
kiosk would be flash and a plugin for video (probably totem plugin on our
standard linux installs).

Maybe I'm missing something, but I believe the risk to my application from
allowing those plugins would be small. I would be no worse off than not having
the sandbox at all, and would be better in most cases since I would avoid
problems with target and window.open calls.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Thursday, 23 June 2011 20:54:13 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:53 UTC