Done. As per http://crbug.com/21551, the URL has been changed to:
chrome://net-internals/* (Also changed "view-cache:", but announcing that in a separate thread.) On Thu, Sep 10, 2009 at 3:41 PM, Darin Fisher <[email protected]> wrote: > On Thu, Sep 10, 2009 at 3:32 PM, Adam Barth <[email protected]> wrote: >> >> On Thu, Sep 10, 2009 at 3:11 PM, Darin Fisher <[email protected]> wrote: >> > Yeah, whatever problems we have with view-net-internal, we must have >> > with >> > view-cache. Before making a change, we should understand why view-cache >> > hasn't been a problem. Or, has it? >> >> It's not as concrete as having a vulnerability or not. Every time we >> add a new scheme, we increase the attack surface and add complexity to >> our security logic. For example, chrome: has the noAccess bit set, >> which mitigates XSS on chrome: pages. I suspect we didn't remember to >> set the noAccess bit on view-net-internal. Of course we could enable >> that particular mitigation in this particular case, but it's a parade >> of paper cuts. >> >> Unless there's a tangible benefit to using a new scheme, it's probably >> not worth the cost. >> >> Adam > > > It's a good argument. So long as we arrive at a solution that allows us to > still have the bulk of the implementation (for these special pages) live in > the net/ module, I'm happy with changing them over to chrome:// URLs. > -Darin --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
