- From: Leonard Rosenthol <lrosenth@adobe.com>
- Date: Sun, 24 Jan 2010 05:37:48 -0800
- To: Maciej Stachowiak <mjs@apple.com>, Adam Barth <w3c@adambarth.com>
- CC: Ian Hickson <ian@hixie.ch>, "public-html@w3.org" <public-html@w3.org>
The problem here is that unlike the other method (@sandbox), where the page author has control over what things are sandboxed and what are not - there is no such control when using a mimetype :(. That means that a renegade server (or proxy or ...) could simply swap out mimetypes and block a user's access to required content (exposed via plugins).

I don't consider that acceptable and would prefer to see it remain as it does, that plugins can also run in this mode _OR_ that all "sandboxable content" (scripts, etc.) also get turned off. Be consistent.

Leonard

-----Original Message-----
From: public-html-request@w3.org [mailto:public-html-request@w3.org] On Behalf Of Maciej Stachowiak
Sent: Wednesday, January 20, 2010 3:15 AM
To: Adam Barth
Cc: Ian Hickson; public-html@w3.org
Subject: Re: Disallow plug-ins in text/html-sandboxed? (was: Re: text/sandboxed-html)

On Jan 19, 2010, at 5:52 PM, Adam Barth wrote:

>
> Consider the case of Google Gears. Gears provides access to databases
> based on the origin of the embedding page. Unfortunately, Gears
> doesn't understand text/html-sandboxed and so would grant the
> sandboxed content access to the origin's databases.

It seems like, in this case, if plugins are blocked, then you can't use a redirect to circumvent the protection. Likewise if Flash has similar vulnerabilities (I suspect it does).

Regards,
Maciej
Received on Sunday, 24 January 2010 13:38:29 UTC