[whatwg] URI scheme whitelisting and the case of cryptocurrencies

2015-03-07 Thread Krzysztof Jurewicz
The registerProtocolHandler method specifies a whitelist of schemes for which web applications are allowed to register themselves as possible handlers (https://html.spec.whatwg.org/#whitelisted-scheme). On the jQuery Standards repository there is an issue stating that “A blacklist (not a

Re: [whatwg] URI scheme whitelisting and the case of cryptocurrencies

2015-03-07 Thread Michael A. Peters
On 03/07/2015 03:40 PM, Michael A. Peters wrote: Especially crypto-currencies where even on Linux systems, the client is often not under a package management system control and may be out of date. QR codes pose the same problem but it is more difficult to trick a user into scanning a QR

Re: [whatwg] URI scheme whitelisting and the case of cryptocurrencies

2015-03-07 Thread Michael A. Peters
On 03/07/2015 11:50 AM, Krzysztof Jurewicz wrote: *snip* What are your thoughts about that? Are there any security considerations preventing the whitelist solution? Or maybe a more general one should be worked out? I do not allow bitcoin: on my servers, nor anything except for http,