- From: Lachlan Hunt <lachlan.hunt@lachy.id.au>
- Date: Tue, 12 Apr 2011 16:18:06 +0200
Hi, We are investigating registerProtocolHandler and have been discussing the need for a blacklist of protocols to forbid. Our list currently includes: * http: * https: * ftp: * file: * about: * data: Email specific schemes: * cid: * mid: Scripting schemes: * javascript: * vbscript: Ancient Netscape scripting schemes. some were apparently aliases for javascript: * mocha: * livescript: * livewire: * tcl: Also, implementers need to be take care with vendor specific schemes: * chrome: (Mozilla, Chrome) * view-source: (Mozilla, Chrome) * res: (IE) * resource: (Mozilla) * opera: (Opera) * attachment: (Opera) (This list is probably incomplete) We'd like to know if we've missed any important schemes that must be blocked, and we think it might be useful if the spec listed most of those, except for the vendor specific schemes, which should probably be left up to each vendor to worry about. -- Lachlan Hunt - Opera Software http://lachy.id.au/ http://www.opera.com/
Received on Tuesday, 12 April 2011 07:18:06 UTC