On Tue, 19 Apr 2011 13:33:43 -0400, Ian Hickson <[email protected]> wrote:

On Tue, 12 Apr 2011, Lachlan Hunt wrote:

We are investigating registerProtocolHandler and have been discussing
the need for a blacklist of protocols to forbid.

[...]

We'd like to know if we've missed any important schemes that must be
blocked, and we think it might be useful if the spec listed most of
those, except for the vendor-specific schemes, which should probably be
left up to each vendor to worry about.

I haven't updated the spec yet, but it strikes me that maybe what we
should do instead is have a whitelist of protocols we definitely want to
allow (e.g. mailto:)

Sounds cool.

Besides mailto, these should be white-listed:

mms
nntp
rtsp

(There are lots more, but just wanted to mention those)

--
Michael
