whatwg@whatwg.org > March 2015

Re: [whatwg] URI scheme whitelisting and the case of cryptocurrencies

From: Michael A. Peters <mpeters@domblogger.net>
Date: Sat, 07 Mar 2015 15:40:40 -0800
Message-ID: <54FB8C78.4010102@domblogger.net>
To: whatwg@lists.whatwg.org

On 03/07/2015 11:50 AM, Krzysztof Jurewicz wrote:
> What are your thoughts about that? Are there any security considerations
> preventing the whitelist solution? Or maybe a more general one should be
> worked out?

I do not allow bitcoin: on my servers, nor anything except for http, 
https, or ftp.

The reason is that I have no way of knowing what third party 
applications might have vulnerabilities (including social engineering) 
that could be exploited by a specially crafted URI string being fed to them.

I don't even allow mailto:.

I'm a big supporter of bitcoin but especially for a financial 
application where it can't be undone once confirmed in the blockchain, I 
just personally think it is too dangerous to even allow bitcoin: URIs on 
a web page.

I prefer the user launch the third party application and enter whatever 
parameters they want to enter into the client rather than a link that does 
things for them, including possibly some things they don't necessarily 
understand are happening.

Especially with crypto-currencies, where even on Linux systems the client is 
often not under package management system control and may be out of date.

QR codes pose the same problem, but it is more difficult to trick a user 
into scanning a QR code, so it is harder to get the user's client to 
launch via a trick.

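As an added illustration of the scheme allowlist described in this message (example code, not the poster's own), the check below keeps only http, https and ftp links and rejects bitcoin:, mailto: and every other scheme. It normalises the href the way a WHATWG URL parser does before reading the scheme, so that case, leading whitespace or an embedded tab or newline cannot make the filter and the browser disagree about what the scheme is. It assumes that relative and scheme-relative links (which resolve against the page's own origin) are acceptable; the sample hrefs are constructed.

```python
import re
from typing import Optional

# Allowlist in the spirit of the post: only http, https and ftp survive.
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp"})

# A WHATWG URL parser strips leading/trailing C0 controls and spaces and drops
# ASCII tab, LF and CR anywhere in the input before it reads the scheme.
# A filter that skips this cleanup may see a different scheme than the browser.
_LEADING_TRAILING = "".join(chr(c) for c in range(0x21))
_TAB_NEWLINE = str.maketrans("", "", "\t\n\r")
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")

def normalise(href: str) -> str:
    """Apply the same pre-parse cleanup a WHATWG URL parser performs."""
    return href.strip(_LEADING_TRAILING).translate(_TAB_NEWLINE)

def extract_scheme(href: str) -> Optional[str]:
    """Lowercased scheme of href, or None for relative/scheme-relative links."""
    m = _SCHEME_RE.match(normalise(href))
    return m.group(1).lower() if m else None

def link_allowed(href: str) -> bool:
    """Deny by default: keep relative links (they resolve against our own
    origin) and links whose scheme is on the allowlist; reject the rest."""
    scheme = extract_scheme(href)
    return scheme is None or scheme in ALLOWED_SCHEMES

def partition_links(hrefs):
    """Split hrefs into (allowed, blocked) lists, preserving order."""
    allowed, blocked = [], []
    for h in hrefs:
        (allowed if link_allowed(h) else blocked).append(h)
    return allowed, blocked

if __name__ == "__main__":
    # Constructed sample hrefs as they might appear in user-submitted HTML.
    sample = [
        "https://example.com/pay",
        "/local/page#top",                        # relative: kept
        "//cdn.example.com/lib.js",               # scheme-relative: kept
        "bitcoin:ADDRESS_PLACEHOLDER?amount=0.5", # placeholder, not a real address
        "  BitCoin:ADDRESS_PLACEHOLDER",          # case and leading space
        "bit\ncoin:ADDRESS_PLACEHOLDER",          # embedded newline
        "mailto:someone@example.com",
    ]
    ok, bad = partition_links(sample)
    print("allowed:", ok, "\nblocked:", bad)
```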