- From: Hill, Brad <bhill@paypal-inc.com>
- Date: Tue, 4 Jun 2013 00:18:42 +0000
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Issue-50 in our WebAppSec tracker refers to the need to specify syntax for using the plugin-types directive (https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#plugin-types) with IE when it uses the CLSID method for identifying ActiveX embeds. I wonder if David Ross, Jacob Rossi or someone else at Microsoft can help us resolve this? We could just allow a syntax much like the classid attribute, ("clsid: D27CDB6E-AE6D-11cf-96B8-444553540000") but perhaps no change is needed? The Windows Registry under \\HKEY_CLASSES_ROOT\MIME\Database\Content Type\ has mappings from MIME Types to CLSIDs. Are these reliably populated? (there seem to be a lot of them on my machine) Can IE just use this to determine what CLSIDs are implied by a given MIME type in a plugin-types directive? Thanks, Brad
Received on Tuesday, 4 June 2013 00:19:16 UTC