Re: What defines a "plugin"? WRT sandboxing?

Leonard Rosenthol wrote:
> BUT a browser/UA is allowed to instantiate AY content that it believes complies with the provided security model, correct?
> 
> So Safari, if it believes that their built-in PDF support is "sandbox safe" could display such document on the Mac even though on Windows the same browser would not do so.   OR for that matter, what about a UA which relies on a plugin for SVG?  Are they to not allow embedded SVG in a sandbox simply because they have to use a plugin to implement it?
> 
> My point isn't to try to avoid the sandbox - I fully support the idea.  HOWEVER, I believe that "plugins" are being singled out inappropriately and that the correct solution is a more well thought out definition of what exactly we are trying to achieve.
> 
> Leonard
> ...

Looking into this I just realized that, to begin with, we may have to 
fix the definition of plugin. It used to be non-critical, but now it's 
referred to for iframe/@sandbox it is.

 From <http://dev.w3.org/html5/spec/Overview.html#plugins>:

"The term plugin is used to mean any content handler for Web content 
types that are either not supported by the user agent natively or that 
do not expose a DOM, which supports rendering the content as part of the 
user agent's interface."

- "Web content type" appears to be undefined. Is it just a media type?

- "do not expose a DOM": that seems to the content handler for JPGs a 
plugin, right?

Best regards, Julian

Received on Monday, 25 January 2010 14:19:56 UTC