- From: Maciej Stachowiak <mjs@apple.com>
- Date: Sun, 24 Jan 2010 08:55:36 -0800
- To: Leonard Rosenthol <lrosenth@adobe.com>
- Cc: Adam Barth <w3c@adambarth.com>, Ian Hickson <ian@hixie.ch>, "public-html@w3.org" <public-html@w3.org>

On Jan 24, 2010, at 5:37 AM, Leonard Rosenthol wrote:

> The problem here is that unlike the other method (@sandbox), where the page author has control over what things are sandboxed and what are not - there is no such control when using a mimetype :(. That means that a renegade server (or proxy or ...) could simply swap out mimetypes and block a user's access to required content (exposed via plugins).
>
> I don't consider that acceptable and would prefer to see it remain as it does, that plugins can also run in this mode _OR_ that all "sandboxable content" (scripts, etc.) also get turned off. Be consistent.

It sounds like you are talking about a security risk, but I'm not sure what exactly you have in mind. Can you explain the threat model you are concerned about?

 - Maciej

>
> Leonard
>
> -----Original Message-----
> From: public-html-request@w3.org [mailto:public-html-request@w3.org] On Behalf Of Maciej Stachowiak
> Sent: Wednesday, January 20, 2010 3:15 AM
> To: Adam Barth
> Cc: Ian Hickson; public-html@w3.org
> Subject: Re: Disallow plug-ins in text/html-sandboxed? (was: Re: text/sandboxed-html)
>
>
> On Jan 19, 2010, at 5:52 PM, Adam Barth wrote:
>
>>
>> Consider the case of Google Gears. Gears provides access to databases
>> based on the origin of the embedding page. Unfortunately, Gears
>> doesn't understand text/html-sandboxed and so would grant the
>> sandboxed content access to the origin's databases.
>
> It seems like, in this case, if plugins are blocked, then you can't use a redirect to circumvent the protection. Likewise if Flash has similar vulnerabilities (I suspect it does).
>
> Regards,
> Maciej

Received on Sunday, 24 January 2010 16:56:11 UTC