- From: Michael A. Puls II <shadow2531@gmail.com>
- Date: Fri, 22 Apr 2011 01:07:02 -0400
On Tue, 19 Apr 2011 13:33:43 -0400, Ian Hickson <ian at hixie.ch> wrote: > On Tue, 12 Apr 2011, Lachlan Hunt wrote: >> >> We are investigating registerProtocolHandler and have been discussing >> the need for a blacklist of protocols to forbid. >> >> [...] >> >> We'd like to know if we've missed any important schemes that must be >> blocked, and we think it might be useful if the spec listed most of >> those, except for the vendor specific schemes, which should probably be >> left up to each vendor to worry about. > > I haven't updated the spec yet, but it strikes me that maybe what we > should do instead is have a whitelist of protocols we definitely want to > allow (e.g. mailto:) Sounds cool. Besides mailto, these should be white-listed: mms nntp rtsp (There are lots more, but just wanted to mention those) -- Michael
Received on Thursday, 21 April 2011 22:07:02 UTC