W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2011

[whatwg] Whitelist for registerProtocolHandler()

From: Wilhelm Joys Andersen <wilhelmja@opera.com>
Date: Thu, 09 Jun 2011 20:18:07 +0000
Message-ID: <20110609201807.rlj5tx3nmg9w4cck@staff.opera.com>
* rektide <rektide at voodoowarez.com> wrote:
> 4. Whitelisting seems fundamentally 'anti-web' by enforcing only   
> what is out there already.

In theory, you're right. But in practice allowing everything except
blacklisted protocols is simply too scary, and we're not going to
implement anything like that.

For content types, we rely on a dynamic blacklist based on which
content types the browser knows of already. That's slightly more
reassuring, but still scary.

I'm sure we've missed something, somewhere.

-- 
Wilhelm Joys Andersen
Core, Opera Software
Received on Thursday, 9 June 2011 13:18:07 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:33 UTC