W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2015

CSP Plugin

From: Kepeng Li <kepeng.lkp@alibaba-inc.com>
Date: Thu, 27 Aug 2015 21:26:05 +0800
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <D2052F3E.17FE1%kepeng.lkp@alibaba-inc.com>
Hello all,
 
I want to initiate some discussions about allow-plugin in sandbox.
 
There was some discussion in the mailing list before:
https://lists.w3.org/Archives/Public/public-web-security/2011Feb/0112.html
 
Can we add an allow-plugins policy that turns on plugins that understand the
HTML sandbox?
 
By default, the plugins can be blocked by the browser, but in the sandbox,
we can allow plugins. This can improve the web security.


Any feedback about this?


Thanks,
 
Kind Regards
 
Kepeng Li
Alibaba Group
Received on Thursday, 27 August 2015 13:26:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:14 UTC