Re: What defines a "plugin"? WRT sandboxing?

On Jan 24, 2010, at 9:18 AM, Tab Atkins Jr. wrote:

> On Sun, Jan 24, 2010 at 11:02 AM, Maciej Stachowiak <mjs@apple.com> wrote:
>> I think the bottom line is for any given piece of code, can you verify that
>> it enforces the sandbox constraints?
> 
> It's possible that different UAs have different verification
> abilities.  Would this cause any problems?  The definition of "plugin"
> you've stated for this purpose should suffice to prevent security
> issues even if different UAs react to various plugins differently, but
> there's still the matter of author expectations.

It would be hard to make a hard statement about what should be allowed or not. Consider PDF. Safari allows you to do <img src="foo.pdf">. Most other browsers don't. Should that be banned in sandboxed mode? Does that mean HTML5 needs to have a whitelist of image formats allowed in sandboxed mode? That would be odd, since it doesn't have a list of allowed image formats otherwise (not even a minimum requirement). I also note that Safari's support for PDF (and TIFF) images in non-sandboxed mode does not seem to have confused author expectations.

Regards,
Maciej

Received on Sunday, 24 January 2010 17:31:39 UTC