Re: Disallow plug-ins in text/html-sandboxed? (was: Re: text/sandboxed-html)

On Sun, Jan 24, 2010 at 7:37 AM, Leonard Rosenthol <> wrote:
> The problem here is that unlike the other method (@sandbox), where the page author has control over what things are sandboxed and what are not - there is no such control when using a mimetype :(.   That means that a renegade server (or proxy or ...) could simply swap out mimetypes and block a users access to required content (exposed via plugins).

Is this an attack to worry about?  A renegade server or proxy can do
*anything it wants* to the data passing through it over http; worrying
about one swapping mimetypes so that plugins don't work seems like
vacuuming a desert - there's still plenty of sand left over no matter
what you do.


Received on Sunday, 24 January 2010 15:46:01 UTC