[whatwg] Blacklist for registerProtocolHandler()

From: Michael A. Puls II <shadow2531@gmail.com>
Date: Fri, 22 Apr 2011 01:07:02 -0400
Message-ID: <op.vubpt0kj1ejg13@sandra-svwliu01>

On Tue, 19 Apr 2011 13:33:43 -0400, Ian Hickson <ian at hixie.ch> wrote:

> On Tue, 12 Apr 2011, Lachlan Hunt wrote:
>>
>> We are investigating registerProtocolHandler and have been discussing
>> the need for a blacklist of protocols to forbid.
>>
>> [...]
>>
>> We'd like to know if we've missed any important schemes that must be
>> blocked, and we think it might be useful if the spec listed most of
>> those, except for the vendor specific schemes, which should probably be
>> left up to each vendor to worry about.
>
> I haven't updated the spec yet, but it strikes me that maybe what we
> should do instead is have a whitelist of protocols we definitely want to
> allow (e.g. mailto:)

Sounds cool.

Besides mailto, these should be white-listed:

mms
nntp
rtsp

(There are lots more, but just wanted to mention those)

-- 
Michael
Received on Thursday, 21 April 2011 22:07:02 GMT