- From: Adam Barth <whatwg@adambarth.com>
- Date: Sun, 13 Dec 2009 14:00:00 -0800
On Sun, Dec 13, 2009 at 1:51 PM, Michal Zalewski <lcamtuf at coredump.cx> wrote: >> That seems like a backwards way of proceeding. ?Do you have a proposal >> for unification besides the <jail> tag? > > The only fundamental objection I have heard against it is the trouble > with XML representation. How do I use the <jail> tag to sandbox advertisements? More specifically, here's the use case that I think is easy 10x or a 100x more important than everything else we've discussed in this thread: 1) A publisher wants to show an advertisement on his or her web page. 2) 60% of the visits to the publishers web site are running a vulnerable version of Flash. 3) The publisher does not want a malicious advertisement to install malware on the user's computer. The sandbox tag is great at addressing that use case. I don't see why we should delay it in the hopes that the <jail> tag comes back to life. Adam
Received on Sunday, 13 December 2009 14:00:00 UTC