Re: Disallow plug-ins in text/html-sandboxed? (was: Re: text/sandboxed-html)

On Jan 24, 2010, at 5:37 AM, Leonard Rosenthol wrote:

> The problem here is that unlike the other method (@sandbox), where the page author has control over what things are sandboxed and what are not - there is no such control when using a mimetype :(. That means that a renegade server (or proxy or ...) could simply swap out mimetypes and block a user's access to required content (exposed via plugins).
> 
> I don't consider that acceptable and would prefer to see it remain as it does, that plugins can also run in this mode _OR_ that all "sandboxable content" (scripts, etc.) also get turned off.  Be consistent.

It sounds like you are talking about a security risk, but I'm not sure what exactly you have in mind. Can you explain the threat model you are concerned about?

 - Maciej

> 
> Leonard
> 
> -----Original Message-----
> From: public-html-request@w3.org [mailto:public-html-request@w3.org] On Behalf Of Maciej Stachowiak
> Sent: Wednesday, January 20, 2010 3:15 AM
> To: Adam Barth
> Cc: Ian Hickson; public-html@w3.org
> Subject: Re: Disallow plug-ins in text/html-sandboxed? (was: Re: text/sandboxed-html)
> 
> 
> On Jan 19, 2010, at 5:52 PM, Adam Barth wrote:
> 
>> 
>> Consider the case of Google Gears.  Gears provides access to databases
>> based on the origin of the embedding page.  Unfortunately, Gears
>> doesn't understand text/html-sandboxed and so would grant the
>> sandboxed content access to the origin's databases.
> 
> It seems like, in this case, if plugins are blocked, then you can't use a redirect to circumvent the protection. Likewise if Flash has similar vulnerabilities (I suspect it does).
> 
> Regards,
> Maciej
> 
> 
> 

Received on Sunday, 24 January 2010 16:56:11 UTC