- From: Boris Zbarsky <bzbarsky@mit.edu>
- Date: Tue, 02 Dec 2014 07:49:58 -0800
- To: whatwg@lists.whatwg.org
On 12/2/14, 7:46 AM, James M. Greene wrote: > 1. Is there any existing way or guidance for browser vendors on how to > confirm that a plugin can be "secured" and thus allowed to be instantiated > within a sandboxed iframe? As far as I know, there is not. For Gecko there definitely is not. > 2. Is there any existing way or guidance for library/plugin developers on > how to provide appropriate metadata to the browser in order to allow a > plugin to be considered "secured" and thus allowed to be instantiated > within a sandboxed iframe? Again, as far as I know there is not. > 3. Is this really just confusing/misleading text that may never actually > correlate to a real implementation? The text is intended to allow people to develop such systems if they want to. I don't think any current UAs particularly want to. Note that making sure something with the API surface of Flash is "secured" would be quite an undertaking... -Boris
Received on Tuesday, 2 December 2014 15:50:30 UTC