- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 27 Aug 2015 15:47:27 +0200
- To: Kepeng Li <kepeng.lkp@alibaba-inc.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 2015-08-27 15:26, Kepeng Li wrote: > Hello all, Hello Kepeng, > I want to initiate some discussions about allow-plugin in sandbox. I may be off here but you mean NPAPI or ActiveX plugins here? > > There was some discussion in the mailing list before: > > https://lists.w3.org/Archives/Public/public-web-security/2011Feb/0112.html > > Can we add an allow-plugins policy that turns on plugins that understand the HTML sandbox? Plugins are being deprecated and there's another problem as well: The primary reason for using Plugins is getting out of the Web sandbox like for example dealing with keys in smart cards. If there ever will be a "plugin" solution, Native Messaging seems to be our best bet: https://lists.w3.org/Archives/Public/public-webapps/2015JulSep/0319.html > > By default, the plugins can be blocked by the browser, but in the sandbox, we can allow plugins. This can improve the web security. > > > Any feedback about this? > > > Thanks, > > Kind Regards > > Kepeng Li > > Alibaba Group > > _ Cheers, Anders Rundgren
Received on Thursday, 27 August 2015 13:48:05 UTC