Shumway has three different layers of sandboxing: - An outermost sandbox that prevents content from getting direct access to chrome-privileged code. - An inner one around the content script-executing part of Shumway that prevents content from directly accessing the Shumway instance's iframe. - An implementation of Flash's SecurityDomains for controlling access between SWFs from different domains loaded into the same player instance. These sandboxes are in very different shapes: the outermost is ready for review right now, the inner one needs some work on our part (mostly bug 1137942, but also some cleanup of how the communication works) to ease verification but largely works, while the SecurityDomains implementation isn't finished at all. I'll file blocking bugs for verifying the three different sandboxes next. We should probably do a kick-off meeting to go over the general strokes as a first step.
As long as the outer sandbox is verified and we only load stuff from domains that crossdomain.xml allows, this doesn't block enabling on Nightly.
Yury needs to confirm he has addressed bholley's initial review feedback (before asking bholley for a final review).
Assignee: nobody → ydelendik
3 years ago
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.