[whatwg] Whitelist for registerProtocolHandler()

* rektide <rektide at voodoowarez.com> wrote:
> 4. Whitelisting seems fundamentally 'anti-web' by enforcing only   
> what is out there already.

In theory, you're right. But in practice allowing everything except
blacklisted protocols is simply too scary, and we're not going to
implement anything like that.

For content types, we rely on a dynamic blacklist based on which
content types the browser knows of already. That's slightly more
reassuring, but still scary.

I'm sure we've missed something, somewhere.

-- 
Wilhelm Joys Andersen
Core, Opera Software

Received on Thursday, 9 June 2011 13:18:07 UTC