What defines a "plugin"? WRT sandboxing?

When defining and implementing sandboxing, is the requirement to disable plugins restricted ONLY to actual technologies implemented by plugins to the browser/UA _OR_ does it really mean content not in a format documented by the HTML5 spec.

For example, Safari (on the Mac) knows how to natively view PDF documents.  If Safari encounters an HTML document with a reference to an embedded PDF (<object> or <embed>) it will currently render that document through its own technology, whereas other browsers will use available plugins to do so.  When that same HTML is now served as sandbox, then clearly the other browsers will stop viewing PDF - but should Safari?

OR consider Adobe AIR which (through WebKit) can act as an HTML5 UA and incorporates native support for Flash.  Does it have to disable Flash, since it isn't using sandbox?

Looking forward to the discussion...


Received on Sunday, 24 January 2010 13:45:02 UTC