- From: timeless <timeless@gmail.com>
- Date: Mon, 18 Apr 2011 23:39:37 +0300
On Tue, Apr 12, 2011 at 5:18 PM, Lachlan Hunt <lachlan.hunt at lachy.id.au> wrote: > ?We are investigating registerProtocolHandler and have been discussing the > need for a blacklist of protocols to forbid. > > Our list currently includes: > * http: > * https: > * ftp: > * file: > > * about: > * data: > > Email specific schemes: > * cid: > * mid: > > Scripting schemes: > * javascript: > * vbscript: > > Ancient Netscape scripting schemes. some were apparently aliases for > javascript: > * mocha: > * livescript: > * livewire: > * tcl: > > Also, implementers need to be take care with vendor specific schemes: > * chrome: (Mozilla, Chrome) > * view-source: (Mozilla, Chrome) > * res: (IE) > * resource: (Mozilla) > * opera: (Opera) > * attachment: (Opera) > (This list is probably incomplete) > > We'd like to know if we've missed any important schemes that must be > blocked, and we think it might be useful if the spec listed most of those, > except for the vendor specific schemes, which should probably be left up to > each vendor to worry about. possibly "mthml:" (Windows) I should go fish for a list sometime. Poke me in two weeks?
Received on Monday, 18 April 2011 13:39:37 UTC