- From: <bugzilla@jessica.w3.org>
- Date: Sat, 22 Sep 2012 16:09:30 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=18975 --- Comment #1 from Larry Masinter <lmm@acm.org> 2012-09-22 16:09:30 UTC --- Also: The current specification attempts to mitigate some of the risks of registerProtocolHandler by maintaining a "white list" of protocols for which handlers are "safe" and disallowing registering all other handlers except those starting with "web+". However, this mechanism doesn't help with most of the security and privacy problems that arise when allowing dynamically assigned and overwritten handlers. There is another bug and decision which focused on "web+" prefix and the authority under which such schemes are registered, but this was a distraction from the more fundamental problems. For example, even if registerProtocolHandler only allowed registering "mailto" and nothing else, the risks of web sites trying to steal "mailto" from each other, or the information leakage that the handler's site now can learn whenever a user STARTS to type a message, even when the user abandons the interaction, has not been disclosed or mitigated. For example, one mitigation might be that handlers not be URI patterns of remote services but rather pages or content bodies or previously downloaded Javascript libraries. -- Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Saturday, 22 September 2012 16:09:31 UTC