[whatwg] Content Restrictions
Gervase Markham
gerv at mozilla.org
Mon Jan 30 04:49:29 PST 2006
Ian Hickson wrote:
> My first impression is that it is far too complex and over-engineered.
OK... What do you think the requirements are for a solution to this
problem? I tried to make my types of restrictions match up with common
use cases, but I may well have picked the wrong ones.
> The problem with security is that people don't understand the issues. We
> don't want to give authors too fine-grained control, because most authors
> will get it wrong, but be lulled into a false sense of security because
> they are "using Content Restrictions".
OK; but if your control is too coarse-grained, then people who want to
permit just a little bit of scripting are forced to not have any
restrictions at all.
> Still, I'm glad someone is looking at this stuff. It's important. You may
> be interested (once the archives are back up, or using the other archive
> site) in looking at the recent discussion on sandboxing in HTML5.
I found a four-message thread:
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2005-December/005294.html
The ideas proposed there are interesting but have the problem I outlined
in my original message of being capabilities rather than restrictions.
Has there been any more discussion you know of?
Gerv
More information about the whatwg
mailing list