On Jan 24, 2010, at 9:18 AM, Tab Atkins Jr. wrote:

> On Sun, Jan 24, 2010 at 11:02 AM, Maciej Stachowiak <mjs@apple.com> wrote:
>> I think the bottom line is for any given piece of code, can you verify that
>> it enforces the sandbox constraints?
>
> It's possible that different UAs have different verification
> abilities. Would this cause any problems? The definition of "plugin"
> you've stated for this purpose should suffice to prevent security
> issues even if different UAs react to various plugins differently, but
> there's still the matter of author expectations.

It would be hard to make a hard statement about what should be allowed or not. Consider PDF. Safari allows you to do <img src="foo.pdf">. Most other browsers don't. Should that be banned in sandboxed mode? Does that mean HTML5 needs to have a whitelist of image formats allowed in sandboxed mode? That would be odd, since it doesn't have a list of allowed image formats otherwise (not even a minimum requirement). I also note that Safari's support for PDF (and TIFF) images in non-sandboxed mode does not seem to have confused author expectations.

Regards,
Maciej

Received on Sunday, 24 January 2010 17:31:39 UTC