W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2015

Re: [whatwg] URI scheme whitelisting and the case of cryptocurrencies

From: Michael A. Peters <mpeters@domblogger.net>
Date: Sat, 07 Mar 2015 15:45:50 -0800
Message-ID: <54FB8DAE.1070107@domblogger.net>
To: whatwg@lists.whatwg.org


On 03/07/2015 03:40 PM, Michael A. Peters wrote:
>

> Especially crypto-currencies where even on Linux systems, the client is
> often not under a package management system control and may be out of date.
>
> QR codes pose the same problem but it is more difficult to trick a user
> into scanning a QR code, so it is harder to get the user's client to
> launch via a trick.

Another thing to consider, most crypto-currencies use the same Qt client 
codebase - so it is easy for a web site to specify a price in one 
crypto-currency but use the URI scheme for a different one, and some 
users may not realize the wrong client launched until it is too late and 
can't be undone.

e.g. `Please donate 3 QRK - that's all I ask'

but 3 bitcoins are sent before the user realize it was bitcoin-qt that 
the link launched.
Received on Saturday, 7 March 2015 23:46:15 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:29 UTC