W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2009

[whatwg] <object> behavior

From: Mike Shaver <mike.shaver@gmail.com>
Date: Fri, 16 Oct 2009 18:04:21 -0400
Message-ID: <cc092ba00910161504g2dd93a38qbacd05abb1132e55@mail.gmail.com>
On Fri, Oct 16, 2009 at 5:56 PM, Ben Laurie <benl at google.com> wrote:
> On Fri, Oct 16, 2009 at 5:48 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
>> This is, imo, a much bigger problem than that of people embedding content
>> from an untrusted site and getting content X instead of content Y,
>> especially because content X can't actually access the page that contains
>> it, right?
>
> Flash can, for example.

If Flash can do bad things, then sourcing Flash from an untrusted site
and getting malicious Flash with the expected MIME type doesn't seem
like it's any better than getting malicious Quicktime or Java or
whatever via a switched MIME type.  Is there something I'm missing?

Mike
Received on Friday, 16 October 2009 15:04:21 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:18 UTC