[Webkit-unassigned] [Bug 39219] Offer user option to override sandbox plugin flag

Wed May 19 11:10:20 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=39219

Brady Eidson <beidson at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |beidson at apple.com

--- Comment #1 from Brady Eidson <beidson at apple.com>  2010-05-19 11:10:20 PST ---
(In reply to comment #0)
> When an iframe is sandboxed, WebKit is setting the "plugins browsing context flag" ...
> 
> However, no option is being offered for the user to override the flag.  According to the HTML5 doc (http://www.whatwg.org/specs/web-apps/current-work/#the-embed-element), if the sandboxed plugin flag is set:
> 
> "The user agent may offer the user the option to override the sandbox and instantiate the plugin anyway; if the user invokes such an option, the user agent must act as if the conditions above did not apply for the purposes of this element."
> 
> The absence of this option renders several plugin-based sites unusable, such as those with embedded YouTube videos (see example URL: http://173.203.83.120/sandbox-bug).

It doesn't render the site unusable.  It renders the site unusable from within a sandboxed iframe.  Why not visit YouTube directly?

> (Alternatively, perhaps WebKit can offer another sandbox option, like "allow-plugins"?)

This is possible, and when learning about sandboxing very recently, I was surprised it *wasn't* an option.  Perhaps poking WhatWG and Hixie about this would be worthwhile.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.