RE: Disallow plug-ins in text/html-sandboxed? (was: Re: text/sandboxed-html)

The problem here is that unlike the other method (@sandbox), where the page author has control over what things are sandboxed and what are not - there is no such control when using a mimetype :(. That means that a renegade server (or proxy or ...) could simply swap out mimetypes and block a user's access to required content (exposed via plugins).

I don't consider that acceptable and would prefer to see it remain as it does, that plugins can also run in this mode _OR_ that all "sandboxable content" (scripts, etc.) also get turned off.  Be consistent.

Leonard

-----Original Message-----
From: public-html-request@w3.org [mailto:public-html-request@w3.org] On Behalf Of Maciej Stachowiak
Sent: Wednesday, January 20, 2010 3:15 AM
To: Adam Barth
Cc: Ian Hickson; public-html@w3.org
Subject: Re: Disallow plug-ins in text/html-sandboxed? (was: Re: text/sandboxed-html)


On Jan 19, 2010, at 5:52 PM, Adam Barth wrote:

> 
> Consider the case of Google Gears.  Gears provides access to databases
> based on the origin of the embedding page.  Unfortunately, Gears
> doesn't understand text/html-sandboxed and so would grant the
> sandboxed content access to the origin's databases.

It seems like, in this case, if plugins are blocked, then you can't use a redirect to circumvent the protection. Likewise if Flash has similar vulnerabilities (I suspect it does).

Regards,
Maciej

Received on Sunday, 24 January 2010 13:38:29 UTC