Sandboxes should only allow an allowlist of file types and make everything else fall back to a safe default. This could be a simple text editor (no IDE support!) for text files, and a hex editor (or an error) for binary files.
That sounds extremely inconvenient. Running an email client in a sandbox? It can't open a PDF or a JPEG (or worse, you'll get a hex editor) ...
If the sandboxed application is badly integrated and can't open files and URIs, the user (me included) will prefer using the non-sandboxed version in order to get things done (or will prefer using a more user-friendly OS). This would defeat the purpose of having sandboxed applications.
Gabriel
