hixie: registerProtocolHandler() and registerContentHandler() security updates (whatwg r6523)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.5222&r2=1.5223&f=h
http://html5.org/tools/web-apps-tracker?from=6522&to=6523

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.5222
retrieving revision 1.5223
diff -u -d -r1.5222 -r1.5223
--- Overview.html 23 Aug 2011 00:09:19 -0000 1.5222
+++ Overview.html 23 Aug 2011 23:28:09 -0000 1.5223
@@ -1352,7 +1352,8 @@
    <li><a href="#text-html-sandboxed"><span class="secno">12.2 </span><code>text/html-sandboxed</code></a></li>
    <li><a href="#application-xhtml-xml"><span class="secno">12.3 </span><code>application/xhtml+xml</code></a></li>
    <li><a href="#application-x-www-form-urlencoded"><span class="secno">12.4 </span><code>application/x-www-form-urlencoded</code></a></li>
-   <li><a href="#text-cache-manifest"><span class="secno">12.5 </span><code>text/cache-manifest</code></a></ol></li>
+   <li><a href="#text-cache-manifest"><span class="secno">12.5 </span><code>text/cache-manifest</code></a></li>
+   <li><a href="#web-scheme-prefix"><span class="secno">12.6 </span><code>web+</code> scheme prefix</a></ol></li>
  <li><a class="no-num" href="#index">Index</a>
   <ol>
    <li><a class="no-num" href="#elements-1">Elements</a></li>
@@ -51623,7 +51624,11 @@
   the user is not repeatedly prompted with the same request.</p>
 
   <p>The arguments to the methods have the following meanings and
-  corresponding implementation requirements:</p>
+  corresponding implementation requirements. The requirements that
+  involve throwing exceptions must be processed in the order given
+  below, stopping at the first exception raised. (So the
+  <code><a href="#security_err">SECURITY_ERR</a></code> exceptions take precedence over the
+  <code><a href="#syntax_err">SYNTAX_ERR</a></code> exception.)</p>
 
   <dl><dt><var title="">scheme</var> (<code title="dom-navigator-registerProtocolHandler"><a href="#dom-navigator-registerprotocolhandler">registerProtocolHandler()</a></code> only)</dt>
 
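Review bot: the new sentence "must be processed in the order given below, stopping at the first exception raised" ties a normative ordering to the layout of the <dl> that follows, and nothing in the hunk states what that order is. Suggest spelling it out, e.g. "the scheme and mimeType checks are applied before the url checks", so that the stated precedence of SECURITY_ERR over SYNTAX_ERR does not depend on the order in which the argument definitions happen to be listed.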
@@ -51639,8 +51644,29 @@
     (as in "<code>ftp:</code>"), will never match anything, since
     schemes don't contain colons.</p>
 
-    <p class="note">This feature is not intended to be used with
-    non-standard protocols.</p>
+    <p>If the <code title="dom-navigator-registerProtocolHandler"><a href="#dom-navigator-registerprotocolhandler">registerProtocolHandler()</a></code>
+    method is invoked with a scheme that is neither a
+    <a href="#whitelisted-scheme">whitelisted scheme</a> nor a scheme whose value starts
+    with the substring "<code title="">web+</code>" and otherwise
+    contains only characters in the range U+0061 LATIN SMALL LETTER A
+    to U+007A LATIN SMALL LETTER Z, the user agent must raise
+    <code><a href="#security_err">SECURITY_ERR</a></code> exception.</p>
+
+    <p>The following schemes are the <dfn id="whitelisted-scheme" title="whitelisted
+    scheme">whitelisted schemes</dfn>:</p>
+
+    <ul class="brief"><li><code title="">irc</code></li>
+     <li><code title="">mailto</code></li>
+     <li><code title="">mms</code></li>
+     <li><code title="">news</code></li>
+     <li><code title="">nntp</code></li>
+     <li><code title="">sms</code></li>
+     <li><code title="">smsto</code></li>
+     <li><code title="">tel</code></li>
+     <li><code title="">urn</code></li>
+     <li><code title="">webcal</code></li>
+    </ul><p class="note">This list can be changed. If there are schemes
+    that should be added, please send feedback.</p>
 
    </dd>
 
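Review bot: the web+ test in this hunk accepts a bare "web+" scheme with nothing after the plus, because "otherwise contains only characters in the range U+0061 LATIN SMALL LETTER A to U+007A LATIN SMALL LETTER Z" is vacuously true for an empty remainder, whereas the IANA entry added later in this same commit requires "one or more letters". Suggest "followed by one or more characters in the range ...". Two smaller points: "must raise SECURITY_ERR exception" is missing "a", and the text should say whether the comparison is case-sensitive, since "Web+Foo" as written falls outside the a-z range but a UA that lowercases the scheme first would accept it.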
@@ -51667,6 +51693,31 @@
     used by the user agent <em>after</em> the sniffing algorithms have
     been applied.</p>
 
+    <p>If the <code title="dom-navigator-registerContentHandler"><a href="#dom-navigator-registercontenthandler">registerContentHandler()</a></code>
+    method is invoked with a <a href="#mime-type">MIME type</a> that is in the
+    <a href="#type-blacklist">type blacklist</a> or that the user agent has deemed a
+    privileged type, the user agent must raise
+    <code><a href="#security_err">SECURITY_ERR</a></code> exception.</p>
+
+    <p>The following <a href="#mime-type" title="MIME type">MIME types</a> are in
+    the <dfn id="type-blacklist">type blacklist</dfn>:</p>
+
+    <ul title="brief"><li><code><a href="#text-cache-manifest">text/cache-manifest</a></code></li>
+     <li><code>text/css</code></li>
+     <li><code><a href="#text-html-sandboxed">text/html-sandboxed</a></code></li>
+     <li><code><a href="#text-html">text/html</a></code></li>
+     <li><code>text/ping</code></li>
+     <li><code>text/plain</code></li>
+     <li><code><a href="#application-x-www-form-urlencoded">application/x-www-form-urlencoded</a></code></li>
+     <li><code>image/gif</code></li>
+     <li><code>image/jpeg</code></li>
+     <li><code>image/png</code></li>
+     <li>All <a href="#xml-mime-type" title="XML MIME type">XML MIME types</a></li>
+     <li>All types that the user agent supports displaying natively in a <a href="#browsing-context">browsing context</a> during <a href="#navigate" title="navigate">navigation</a></li>
+
+    </ul><p class="note">This list can be changed. If there are schemes
+    that should be added, please send feedback.</p>
+
    </dd>
 
 
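Review bot: `<ul title="brief">` should be `<ul class="brief">` to match the whitelist markup in the previous hunk; as written the style class is not applied. The note below the list was copied from the scheme list and still says "If there are schemes that should be added", which should read "types" here. Also "must raise SECURITY_ERR exception" is missing "a".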
@@ -51694,6 +51745,14 @@
     &lt;query&gt; production defined in RFC 3986 by the
     percent-encoded form of that character. <a href="#refsRFC3986">[RFC3986]</a></p>
 
+    <p>User agents must raise a <code><a href="#syntax_err">SYNTAX_ERR</a></code> exception if
+    the <var title="">url</var> argument passed to one of these
+    methods does not contain the exact literal string
+    "<code>%s</code>", or if <a href="#resolve-a-url" title="resolve a
+    url">resolving</a> the <var title="">url</var> argument with
+    the first occurrence of the string "<code title="">%s</code>"
+    removed, relative to the <a href="#entry-script">entry script</a>'s <a href="#script-s-base-url" title="script's base URL">base URL</a>, is not successful.</p>
+
     <div class="example">
 
      <p>If the user had visited a site at <code title="">http://example.com/</code> that made the following
@@ -51730,24 +51789,7 @@
 
    </dd>
 
-  </dl><p>User agents should raise <code><a href="#security_err">SECURITY_ERR</a></code> exceptions if
-  the methods are called with <var title="">scheme</var> or <var title="">mimeType</var> values that the UA deems to be
-  "privileged". For example, a site attempting to register a handler
-  for <code>http</code> URLs or <code><a href="#text-html">text/html</a></code> content in a
-  Web browser would likely cause an exception to be raised.</p>
-
-  <p>User agents must raise a <code><a href="#syntax_err">SYNTAX_ERR</a></code> exception if the
-  <var title="">url</var> argument passed to one of these methods does
-  not contain the exact literal string "<code>%s</code>", or if <a href="#resolve-a-url" title="resolve a url">resolving</a> the <var title="">url</var>
-  argument with the first occurrence of the string "<code title="">%s</code>" removed, relative to the <a href="#entry-script">entry
-  script</a>'s <a href="#script-s-base-url" title="script's base URL">base URL</a>, is
-  not successful.</p>
-
-  <p>User agents must not raise any other exceptions (other than
-  binding-specific exceptions, such as for an incorrect number of
-  arguments in an JavaScript implementation).</p>
-
-  <p>This section does not define how the pages registered by these
+  </dl><p>This section does not define how the pages registered by these
   methods are used, beyond the requirements on how to process the <var title="">url</var> value (see above). To some extent, the <a href="#navigate" title="navigate">processing model for navigating across
   documents</a> defines some cases where these methods are
   relevant, but in general UAs may use this information wherever they
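Review bot: the removed paragraph "User agents must not raise any other exceptions (other than binding-specific exceptions, ...)" has no replacement anywhere in the new text, so this revision silently drops the requirement that only SECURITY_ERR and SYNTAX_ERR may be thrown; if that is intended it should be mentioned in the commit summary, and if not the sentence belongs under the new processing-order paragraph. Note also that the old "privileged" escape hatch survives for mimeType ("or that the user agent has deemed a privileged type") but not for scheme, where the whitelist plus web+ rule is now exhaustive; that asymmetry looks deliberate but is worth confirming.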
@@ -69507,7 +69549,40 @@
    <dt>Change controller:</dt>
    <dd>W3C</dd>
   </dl><p>Fragment identifiers have no meaning with
-  <code><a href="#text-cache-manifest">text/cache-manifest</a></code> resources.<h2 class="no-num" id="index">Index</h2><div class="impl">
+  <code><a href="#text-cache-manifest">text/cache-manifest</a></code> resources.<h3 id="web-scheme-prefix"><span class="secno">12.6 </span><dfn title="scheme-web"><code>web+</code> scheme prefix</dfn></h3><p>This section describes a convention for use with the IANA URI
+  scheme registry. It does not itself register a specific scheme. <a href="#refsRFC4395">[RFC4395]</a><dl><dt>URI scheme name</dt>
+   <dd>
+    Schemes starting with the four characters "<code title="">web+</code>" followed by one or more letters in the range
+    <code title="">a</code>-<code title="">z</code>.
+   </dd>
+   <dt>Status</dt>
+   <dd>permanent</dd>
+   <dt>URI scheme syntax</dt>
+   <dd>Scheme-specific.</dd>
+   <dt>URI scheme semantics</dt>
+   <dd>Scheme-specific.</dd>
+   <dt>Encoding considerations</dt>
+   <dd>All "<code title="">web+</code>" schemes should use UTF-8 encodings were relevant.</dd>
+   <dt>Applications/protocols that use this URI scheme name</dt>
+   <dd>Scheme-specific.</dd>
+   <dt>Interoperability considerations</dt>
+   <dd>The scheme is expected to be used in the context of Web applications.</dd>
+   <dt>Security considerations</dt>
+   <dd>
+    Any Web page is able to register a handler for all "<code title="">web+</code>" schemes. As such, these schemes must not be
+    used for features intended to be core platform features (e.g.
+    network transfer protocols like HTTP or FTP). Similarly, such
+    schemes must not store confidential information in their URLs,
+    such as usernames, passwords, personal information, or
+    confidential project names.
+   </dd>
+   <dt>Contact</dt>
+   <dd>Ian Hickson &lt;ian@hixie.ch&gt;</dd>
+   <dt>Author/Change controller</dt>
+   <dd>Ian Hickson &lt;ian@hixie.ch&gt;</dd>
+   <dt>References</dt>
+   <dd>W3C</dd>
+  </dl><h2 class="no-num" id="index">Index</h2><div class="impl">
 
   <p>The following sections only cover conforming elements and features.</p>
 
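Review bot: "should use UTF-8 encodings were relevant" in the Encoding considerations entry should read "where relevant". The References entry reads "W3C", which looks copied from the Change controller field of the preceding text/cache-manifest registration; a References field should point at this specification (the registerProtocolHandler() section) rather than at an organisation. In Security considerations it would also be worth stating that, because any page can register a handler and the handler receives the full URL through the "%s" substitution, handler pages must treat the scheme-specific part as untrusted input.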
@@ -72854,6 +72929,9 @@
    <dd>(Non-normative) <cite><a href="http://tools.ietf.org/html/rfc4329">Scripting Media
    Types</a></cite>, B. H&ouml;hrmann. IETF.</dd>
 
+   <dt id="refsRFC4395">[RFC4395]</dt>
+   <dd><cite><a href="http://tools.ietf.org/html/rfc4395">Guidelines and Registration Procedures for New URI Schemes</a></cite>, T. Hansen, T. Hardie, L. Masinter. IETF.</dd>
+
    <dt id="refsRFC4648">[RFC4648]</dt>
    <dd><cite><a href="http://tools.ietf.org/html/rfc4648">The Base16,
    Base32, and Base64 Data Encodings</a></cite>, S. Josefsson.
@@ -73264,6 +73342,7 @@
   James Craig,
   James Graham,
   James Justin Harrell,
+  James Kozianski,
   James M Snell,
   James Perrett,
   James Robinson,
@@ -73569,6 +73648,7 @@
   Wayne Pollock,
   Wellington Fernando de Macedo,
   Weston Ruter,
+  Wilhelm Joys Andersen,
   Will Levine,
   William Swanson,
   Wladimir Palant,

Received on Tuesday, 23 August 2011 23:28:48 UTC