- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 25 Jan 2010 15:19:16 +0100
- To: Leonard Rosenthol <lrosenth@adobe.com>
- CC: Adam Barth <w3c@adambarth.com>, Maciej Stachowiak <mjs@apple.com>, "public-html@w3.org" <public-html@w3.org>
Leonard Rosenthol wrote: > BUT a browser/UA is allowed to instantiate AY content that it believes complies with the provided security model, correct? > > So Safari, if it believes that their built-in PDF support is "sandbox safe" could display such document on the Mac even though on Windows the same browser would not do so. OR for that matter, what about a UA which relies on a plugin for SVG? Are they to not allow embedded SVG in a sandbox simply because they have to use a plugin to implement it? > > My point isn't to try to avoid the sandbox - I fully support the idea. HOWEVER, I believe that "plugins" are being singled out inappropriately and that the correct solution is a more well thought out definition of what exactly we are trying to achieve. > > Leonard > ... Looking into this I just realized that, to begin with, we may have to fix the definition of plugin. It used to be non-critical, but now it's referred to for iframe/@sandbox it is. From <http://dev.w3.org/html5/spec/Overview.html#plugins>: "The term plugin is used to mean any content handler for Web content types that are either not supported by the user agent natively or that do not expose a DOM, which supports rendering the content as part of the user agent's interface." - "Web content type" appears to be undefined. Is it just a media type? - "do not expose a DOM": that seems to the content handler for JPGs a plugin, right? Best regards, Julian
Received on Monday, 25 January 2010 14:19:56 UTC