[whatwg] Sandboxing to accommodate user generated content.

Kristof Zelechovski giecrilj at stegny.2a.pl
Wed Jun 18 00:59:25 PDT 2008


Let’s sort things out, folks.  There is nothing in the spec to prevent a
browser vendor from formatting the user’s hard drive and draining her bank
account as a bonus when the page displayed contains the string "D357R0Y!N0\V!".
The spec does not tell the vendors what not to do, therefore it cannot
guarantee anything in this respect.  The spec provides a reference
implementation and it is our job not to let harmful extensions in here; what
happens in the wild is beyond our control.
IMHO,
Chris

-----Original Message-----
From: whatwg-bounces at lists.whatwg.org
[mailto:whatwg-bounces at lists.whatwg.org] On Behalf Of Mikko Rantalainen
Sent: Wednesday, June 18, 2008 9:20 AM
To: whatwg at lists.whatwg.org
Subject: Re: [whatwg] Sandboxing to accommodate user generated content.

Frode Børli wrote:
>>> I have been reading up on past discussions on sandboxing content, and
>>>
>>> My main arguments for having this feature (in one form or another) in
>>> the browser are:
>>>
>>> - It is future proof. Changes to browsers (for example adding
>>> expression support to css) will never again require old sanitizers to
>>> be updated.

Unless some braindead vendor is going to add scripting-in-sandboxing
feature which would be equally braindead to unlimited expression support
in css. You cannot be future proof unless you trust all the players
including ALL possible browser vendors.

[snip]

> This method will be safe for all browsers that have ever existed and
> that will ever exist in the future. If new features are introduced in
> some future version of CSS or HTML - the sandbox is still there and
> the applications created today do not need to have their sanitizers
> updated, ever.

That's a pretty bold claim! I guess that a similar claim could have been
made about CSS support before Microsoft added the "expression()" value
syntax.

Can *you* guarantee that a random browser vendor does not implement
anything stupid for the sandbox content in the future?

-- 
Mikko
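The exchange above turns on why a sanitizer written before a vendor shipped a feature like CSS "expression()" could silently stop being safe. The following is an added example, not code from the thread or from any participant: two toy sanitizers for a user-supplied `style` attribute. The first keeps any approved property unless the value matches a pattern the author knew to be dangerous at the time (a denylist), so a later-added function such as `expression()` passes straight through until someone updates the list. The second accepts a value only when every token has a shape it explicitly understands (an allowlist), so an unknown function is rejected without the sanitizer ever having heard of it. The property set, token grammar and sample inputs are constructed for illustration.

```javascript
// Added example, not from the whatwg thread: denylist vs allowlist sanitizing
// of a user-supplied CSS `style` value. Property names and grammar are a
// constructed, deliberately small subset.

const ALLOWED_PROPERTIES = new Set([
  "color", "background-color", "font-weight", "width", "text-align",
]);

// Split "prop: value; prop: value" into {property, value} records.
function parseDeclarations(style) {
  return style
    .split(";")
    .map((d) => d.trim())
    .filter(Boolean)
    .map((d) => {
      const i = d.indexOf(":");
      if (i < 0) return null;
      return {
        property: d.slice(0, i).trim().toLowerCase(),
        value: d.slice(i + 1).trim(),
      };
    });
}

// Denylist sanitizer as it might have been written before expression()
// existed: rejects only patterns known at the time to be dangerous.
// A vendor-added function that is not on the list is kept.
const KNOWN_BAD = [/javascript:/i, /url\s*\(/i];

function sanitizeDenylist(style) {
  const kept = [];
  for (const d of parseDeclarations(style)) {
    if (!d || !ALLOWED_PROPERTIES.has(d.property)) continue;
    if (KNOWN_BAD.some((re) => re.test(d.value))) continue;
    kept.push(`${d.property}: ${d.value}`);
  }
  return kept.join("; ");
}

// Allowlist sanitizer: every token must be a keyword, a number with an
// optional unit, a hex colour, or an rgb() call with three integers.
// Anything else, including a function the sanitizer has never seen, fails.
const TOKEN =
  /^(?:[a-z-]+|-?\d+(?:\.\d+)?(?:px|em|%)?|#[0-9a-f]{3,6}|rgb\(\s*\d{1,3}\s*,\s*\d{1,3}\s*,\s*\d{1,3}\s*\))$/i;

function valueIsAllowlisted(value) {
  // Keep an rgb(...) call as one token even if it contains spaces.
  const tokens = value.match(/rgb\([^)]*\)|\S+/g) || [];
  return tokens.length > 0 && tokens.every((t) => TOKEN.test(t));
}

function sanitizeAllowlist(style) {
  const kept = [];
  for (const d of parseDeclarations(style)) {
    if (!d || !ALLOWED_PROPERTIES.has(d.property)) continue;
    if (!valueIsAllowlisted(d.value)) continue;
    kept.push(`${d.property}: ${d.value}`);
  }
  return kept.join("; ");
}

// Constructed sample inputs. The expression() value is the retired IE-only
// syntax the thread cites; it is the case the denylist was never told about.
const SAMPLES = [
  "color: red; font-weight: bold",
  "width: expression(document.body.clientWidth)",
  "background-color: url(http://example.invalid/x.png)",
  "color: rgb(10, 20, 30)",
];

// Returns, per sample, what each sanitizer would let through.
function compareSanitizers(samples = SAMPLES) {
  return samples.map((s) => ({
    input: s,
    denylist: sanitizeDenylist(s),
    allowlist: sanitizeAllowlist(s),
  }));
}

for (const row of compareSanitizers()) console.log(row);
```

The run shows the asymmetry the thread is arguing about: the denylist version keeps `width: expression(...)` because nothing told it that syntax was dangerous, while the allowlist version drops it with no change to the code. Either way the policy still lives in the page author's sanitizer; the thread's point is that a browser-side sandbox would move enforcement to the vendor, which is only as good as every vendor's restraint.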
