- From: Maciej Stachowiak <mjs@apple.com>
- Date: Tue, 19 Jan 2010 18:15:18 -0800
- To: Adam Barth <w3c@adambarth.com>
- Cc: Ian Hickson <ian@hixie.ch>, "public-html@w3.org" <public-html@w3.org>
On Jan 19, 2010, at 5:52 PM, Adam Barth wrote: > > Consider the case of Google Gears. Gears provides access to databases > based on the origin of the embedding page. Unfortunately, Gears > doesn't understand text/html-sandboxed and so would grant the > sandboxed content access to the origin's databases. It seems like, in this case, if plugins are blocked, then you can't use a redirect to circumvent the protection. Likewise if Flash has similar vulnerabilities (I suspect it does). Regards, Maciej
Received on Wednesday, 20 January 2010 02:15:52 UTC