[Webkit-unassigned] [Bug 39219] Offer user option to override sandbox plugin flag
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed May 19 11:10:20 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=39219
Brady Eidson <beidson at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |beidson at apple.com
--- Comment #1 from Brady Eidson <beidson at apple.com> 2010-05-19 11:10:20 PST ---
(In reply to comment #0)
> When an iframe is sandboxed, WebKit is setting the "plugins browsing context flag" ...
>
> However, no option is being offered for the user to override the flag. According to the HTML5 doc (http://www.whatwg.org/specs/web-apps/current-work/#the-embed-element), if the sandboxed plugin flag is set:
>
> "The user agent may offer the user the option to override the sandbox and instantiate the plugin anyway; if the user invokes such an option, the user agent must act as if the conditions above did not apply for the purposes of this element."
>
> The absence of this option renders several plugin-based sites unusable, such as those with embedded YouTube videos (see example URL: http://173.203.83.120/sandbox-bug).
It doesn't render the site unusable. It renders the site unusable from within a sandboxed iframe. Why not visit YouTube directly?
> (Alternatively, perhaps WebKit can offer another sandbox option, like "allow-plugins"?)
This is possible, and when learning about sandboxing very recently, I was surprised it *wasn't* an option. Perhaps poking WhatWG and Hixie about this would be worthwhile.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list