On Tue, Feb 26, 2008 at 10:21 AM, Kevin Brown <[EMAIL PROTECTED]> wrote: > Yeah, but not allowing images is pretty much out of the question. You may as > well not render gadgets :)
I just want to point out that there is a possible distinction that may or may not be useful, based on your point about the rewriting proxy: A gadget may ask, at compile time, for the right to load certain images. The container could then pre-load these all (or not, or load them randomly, or whatever), in which case loading the image cannot be used as a wall-banging channel to the outside world. A completely different authority is the authority to load any arbitrary image from a URL composed at run time, in which case this constitutes a much more serious outbound channel. Ihab -- Ihab A.B. Awad, Palo Alto, CA
