- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Thu, 28 Jan 2010 20:29:27 -0600
- To: "Helen Wang (MSR)" <helenw@microsoft.com>
- Cc: Adam Barth <w3c@adambarth.com>, HTML WG <public-html@w3.org>, Collin Jackson <collin@collinjackson.com>
Could we please have a link to the <sandbox> proposal? I can't find
anything useful through searching.

On Thu, Jan 28, 2010 at 8:01 PM, Helen Wang (MSR) <helenw@microsoft.com> wrote:
>> For example, the publisher might be concerned about Flash-based
>> malware and might want to prevent the advertisement from instantiating
>> a Flash movie.
>
> Neither sandbox proposal allows inclusion of plugin content.

Not so far, but @sandbox may introduce some measure of control over this
at a later time, for plugins that can interact with the sandbox security
model. (I don't know if <sandbox> can, or can be extended to, do so as
well, since I can't find the proposal details yet.)

> <sandbox> is trying to sandbox existing scripts out there. A script
> runs with the context of its includer in legacy browsers when included
> as <script>, and may run as its origin when included as <iframe> due
> to MIME sniffing.

I thought that testing had shown that the MIME-sniffing situation was
basically under control? If not, could I have a link to some
demonstrations to the opposite effect? Again, searching fails me. As
far as I know, the only issues found so far are with files ending in
.html, correct?

> For low-interaction use cases, why doesn't a hosting site simply host
> the content in a throwaway domain, which seems almost as simple as
> doing @sandbox; what do people think about this?

In many shared-hosting situations, additional domains are not easy to
get. When an author can get an additional domain, it is still an
additional cost.

> - if @sandbox is for low-interaction applications, why don't providers
> host untrusted content on throwaway domains?

The @sandbox security model is more fine-grained than what is provided
by simply moving content to a throwaway domain. The presence or absence
of the allow-same-origin directive is equivalent to hosting a script
on/off domain, but there are other directives that provide additional
controls over the untrusted content.

~TJ
Received on Friday, 29 January 2010 02:30:15 UTC
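The comparison TJ draws between @sandbox and a throwaway domain, as an added illustration that is not part of the original thread or of either proposal: a small model of how an iframe sandbox attribute is turned into restriction flags, following the HTML Standard's rule that the attribute's presence imposes every restriction and each allow-* token lifts one. The token names (allow-same-origin, allow-scripts, allow-forms, allow-popups, allow-top-navigation) are those of the current HTML Standard, which goes beyond the 2010 draft discussed above; the restriction names ('unique-origin', 'no-scripts', and so on) and the function names are this example's own. It also encodes the caveat the spec documents for allow-scripts combined with allow-same-origin on same-origin content, which the e-mail does not mention.

```javascript
'use strict';

// Restriction flags that the presence of a sandbox attribute imposes, keyed to
// the allow-* token that lifts each one. Restriction names are this example's
// own. 'no-plugins' has no lifting token: sandboxed content cannot instantiate
// plugins at all, matching the "neither proposal allows plugin content" point.
const RESTRICTIONS = {
  'unique-origin':     'allow-same-origin',
  'no-scripts':        'allow-scripts',
  'no-forms':          'allow-forms',
  'no-popups':         'allow-popups',
  'no-top-navigation': 'allow-top-navigation',
  'no-plugins':        null,
};

// Parse a sandbox attribute value into the set of restrictions in force.
// null means the attribute is absent: nothing is restricted. Any string, even
// '', means it is present: every restriction applies unless its allow-* token
// (ASCII case-insensitive, whitespace separated) is listed. Unknown tokens are
// ignored, as the HTML Standard requires.
function parseSandbox(attrValue) {
  const inForce = new Set();
  if (attrValue === null || attrValue === undefined) return inForce;
  const tokens = new Set(
    attrValue.split(/[ \t\n\f\r]+/).filter(Boolean).map(t => t.toLowerCase()),
  );
  for (const [restriction, lifter] of Object.entries(RESTRICTIONS)) {
    if (lifter === null || !tokens.has(lifter)) inForce.add(restriction);
  }
  return inForce;
}

// The origin the framed content runs as. With 'unique-origin' in force the
// content gets an opaque origin regardless of the URL it was served from; this
// is the one effect that a throwaway domain also achieves.
function effectiveOrigin(contentOrigin, restrictions) {
  return restrictions.has('unique-origin') ? 'opaque' : contentOrigin;
}

// What a throwaway domain gives you for comparison: origin separation only.
// Scripts, forms, popups and top-level navigation stay fully enabled.
function throwawayDomainRestrictions() {
  return new Set(['unique-origin']);
}

// Controls @sandbox imposes that a throwaway domain does not.
function extraControls(restrictions) {
  const baseline = throwawayDomainRestrictions();
  return [...restrictions].filter(r => !baseline.has(r)).sort();
}

// The escape hatch the HTML Standard warns about: if the framed document is
// same-origin with its embedder and may run script, it can reach the embedder's
// DOM and remove the sandbox attribute, so the sandbox provides no protection.
function isSandboxEscapable(restrictions, contentOrigin, embedderOrigin) {
  return !restrictions.has('unique-origin') &&
         !restrictions.has('no-scripts') &&
         contentOrigin === embedderOrigin;
}

// Constructed scenario: an ad snippet served from the publisher's own domain.
const PUBLISHER = 'https://publisher.example';
const cases = [
  null,                              // no sandbox attribute at all
  '',                                // sandbox="": everything restricted
  'allow-scripts allow-forms',       // a typical ad configuration
  'allow-scripts allow-same-origin', // escapable when content is same-origin
];
for (const value of cases) {
  const r = parseSandbox(value);
  console.log(JSON.stringify(value), '->', effectiveOrigin(PUBLISHER, r),
              '| beyond a throwaway domain:', extraControls(r).join(', ') || '(none)',
              '| escapable:', isSandboxEscapable(r, PUBLISHER, PUBLISHER));
}
```

Running it shows the two halves of TJ's argument side by side: dropping allow-same-origin reproduces what a throwaway domain does, while the remaining flags (no scripts, forms, popups, top-level navigation or plugins unless allowed) are controls a throwaway domain cannot express. The last case is the practical caveat: allow-scripts together with allow-same-origin on content the publisher serves from its own origin is no sandbox at all.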