- From: Maciej Stachowiak <mjs@apple.com>
- Date: Sun, 24 Jan 2010 09:31:05 -0800
- To: "Tab Atkins Jr." <jackalmage@gmail.com>
- Cc: Leonard Rosenthol <lrosenth@adobe.com>, "public-html@w3.org" <public-html@w3.org>
On Jan 24, 2010, at 9:18 AM, Tab Atkins Jr. wrote:

> On Sun, Jan 24, 2010 at 11:02 AM, Maciej Stachowiak <mjs@apple.com> wrote:
>> I think the bottom line is for any given piece of code, can you verify that
>> it enforces the sandbox constraints?
>
> It's possible that different UAs have different verification
> abilities. Would this cause any problems? The definition of "plugin"
> you've stated for this purpose should suffice to prevent security
> issues even if different UAs react to various plugins differently, but
> there's still the matter of author expectations.

It would be hard to make a hard statement about what should be allowed or not. Consider PDF. Safari allows you to do <img src="foo.pdf">. Most other browsers don't. Should that be banned in sandboxed mode? Does that mean HTML5 needs to have a whitelist of image formats allowed in sandboxed mode? That would be odd, since it doesn't have a list of allowed image formats otherwise (not even a minimum requirement).

I also note that Safari's support for PDF (and TIFF) images in non-sandboxed mode does not seem to have confused author expectations.

Regards,
Maciej
Received on Sunday, 24 January 2010 17:31:39 UTC