Re: Disallow plug-ins in text/html-sandboxed? (was: Re: text/sandboxed-html)

On Jan 19, 2010, at 5:52 PM, Adam Barth wrote:

> Consider the case of Google Gears.  Gears provides access to databases
> based on the origin of the embedding page.  Unfortunately, Gears
> doesn't understand text/html-sandboxed and so would grant the
> sandboxed content access to the origin's databases.

It seems like, in this case, if plugins are blocked, then you can't use a redirect to circumvent the protection. Likewise if Flash has similar vulnerabilities (I suspect it does).

Regards,
Maciej

Received on Wednesday, 20 January 2010 02:15:52 UTC