Plugins:SandboxedPlugins

From MozillaWiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Status

(work in progress)

Problem Summary

HTML5 defines a "sandbox" mode for <iframe>, which disables certain features, such as scripting, form submission, and plugins. For some of these, such as scripting, an opt-in feature is available, but there is none for plugins.

Existing Discussion and Documentation

HTML5 iframe element [1]

HTML WG discussion thread on public-html [2]

API Requirements

  • It should be possible to find out whether the plugin knows about sandboxing as early as possible
    • Q: not sure whether this needs to be possible before Initialization
  • We need to be able to pass the various "opt-out" switches into the plugin instance
    • Q: does this need to happen at instantiation, or is it sufficient to do that before content is loaded?
  • Q: Do we need a more fine grained set of "sandbox flags" for plugins? Scripting? Network access? Other?

Current Proposal

Retrieved from "https://wiki.mozilla.org/index.php?title=Plugins:SandboxedPlugins&oldid=198814"