[Bug 18975] registerContentHanlder and registerProtocolHandler open huge security and privacy holes from bugzilla@jessica.w3.org on 2013-07-18 (public-html-bugzilla@w3.org from July 2013)

From: <bugzilla@jessica.w3.org>
Date: Thu, 18 Jul 2013 22:32:34 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-18975-2486-nX0HNnXIeb@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=18975

Travis Leithead [MSFT] <travil@microsoft.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |travil@microsoft.com

--- Comment #4 from Travis Leithead [MSFT] <travil@microsoft.com> ---
Given that these two features are at-risk, are you against leaving their
definition in the CR spec?

If so, then we can probably resolve this bug and if need be, pull the
definitions out later (preparatory to the spec transitioning to PR).

If not, then we can remove the features entirely from the 5.0 draft. Note,
however, that these APIs will still exist in 5.1, so it may also be prudent to
just move this bug to the 5.1--not let it block 5.0--and address the root of
the security problems with these APIs.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 18 July 2013 22:32:36 UTC