Implement CSP 1.1 plugin-types directive

NEW
Unassigned

Status

()

Core
DOM: Security
P3
enhancement
3 years ago
4 months ago

People

(Reporter: geekboy, Unassigned)

Tracking

(Blocks: 1 bug, {dev-doc-needed})

Trunk
All
Linux
dev-doc-needed
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [CSP 1.1], [domsecurity-backlog3], URL)

(Reporter)

Description

3 years ago
Implement plugin-types directive for CSP that restricts what types of plugins can load on a page.

From the draft spec: "The plugin-types directive restricts the set of plugins that can be invoked by the protected resource by limiting the types of resources that can be embedded. ".  See the URL for details.
(Reporter)

Updated

3 years ago
Priority: -- → P3
Keywords: dev-doc-needed
(Reporter)

Updated

3 years ago
Assignee: sstamm → nobody
Whiteboard: [CSP 1.1] → [CSP 1.1], [domsecurity-backlog]

Comment 1

a year ago
Note: since we're removing support for all plugins except Flash in FF52, and the current sandboxing status-quo is to not allow plugins at all, I'm not sure this is worthwhile. Should we consider WONTFIXing this or even removing this from CSP 1.1?
Whiteboard: [CSP 1.1], [domsecurity-backlog] → [CSP 1.1], [domsecurity-backlog3]
You need to log in before you can comment on or make changes to this bug.