- From: <bugzilla@jessica.w3.org>
- Date: Fri, 24 Jun 2011 16:26:38 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13032 --- Comment #4 from Shane Corgatelli <shane@eznettools.com> 2011-06-24 16:26:37 UTC --- I like the idea of allowing authors to specify which plugins they will allow. Even if your first suggestion of only loading "safe-plugins" is implemented it may still be a good idea to allow authors specify the types of allowed plugins. We could scrap my suggestion of adding "allow-plugins" and instead create a new attribute that would white list plugins based on mime-types. So if I wanted an iframe to allow flash and video I could do something like: <iframe src="..." sandbox allowplugins="application/x-shockwave-flash video/mpeg"></iframe> One thing I don't like about this is that the new attribute depends on the sandbox attribute. We could potentially list the allowed mime types in the sandbox attribute directly, but I don't think that would be as clear as having a separate attribute. While it is true that my use case is just one specific example, I believe that it demonstrates a need in the sandbox feature. Your example of sandboxing ads is another. Another may be mash-ups where video (non-HTML5) or flash content is embedded. Intranets could be another example of a controlled environment where this capability may be useful. -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Friday, 24 June 2011 16:26:40 UTC