[giow] (1) registerProtocolHandler() and registerContentHandler() sec…

…urity updates git-svn-id: http://svn.whatwg.org/webapps@6523 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Aug 23, 2011 · 8a36e83 · 8a36e83
1 parent b0f1d0c
commit 8a36e83
Show file tree

Hide file tree

Showing 3 changed files with 334 additions and 69 deletions.
diff --git a/complete.html b/complete.html
@@ -1358,7 +1358,8 @@ <h2 class="no-num no-toc" id=contents>Table of contents</h2>
    <li><a href=#application/microdata+json><span class=secno>17.8 </span><code>application/microdata+json</code></a></li>
    <li><a href=#application/html-peer-connection-data><span class=secno>17.9 </span><code>application/html-peer-connection-data</code></a></li>
    <li><a href=#ping-from><span class=secno>17.10 </span><code>Ping-From</code></a></li>
-   <li><a href=#ping-to><span class=secno>17.11 </span><code>Ping-To</code></a></ol></li>
+   <li><a href=#ping-to><span class=secno>17.11 </span><code>Ping-To</code></a></li>
+   <li><a href=#web+-scheme-prefix><span class=secno>17.12 </span><code>web+</code> scheme prefix</a></ol></li>
  <li><a class=no-num href=#index>Index</a>
   <ol>
    <li><a class=no-num href=#elements-1>Elements</a></li>
@@ -70485,7 +70486,11 @@ <h5 id=custom-handlers><span class=secno>7.5.1.2 </span>Custom scheme and conten
   the user is not repeatedly prompted with the same request.</p>
 
   <p>The arguments to the methods have the following meanings and
-  corresponding implementation requirements:</p>
+  corresponding implementation requirements. The requirements that
+  involve throwing exceptions must be processed in the order given
+  below, stopping at the first exception raised. (So the
+  <code><a href=#security_err>SECURITY_ERR</a></code> exceptions take precedence over the
+  <code><a href=#syntax_err>SYNTAX_ERR</a></code> exception.)</p>
 
   <dl><dt><var title="">scheme</var> (<code title=dom-navigator-registerProtocolHandler><a href=#dom-navigator-registerprotocolhandler>registerProtocolHandler()</a></code> only)</dt>
 
@@ -70501,8 +70506,29 @@ <h5 id=custom-handlers><span class=secno>7.5.1.2 </span>Custom scheme and conten
     (as in "<code>ftp:</code>"), will never match anything, since
     schemes don't contain colons.</p>
 
-    <p class=note>This feature is not intended to be used with
-    non-standard protocols.</p>
+    <p>If the <code title=dom-navigator-registerProtocolHandler><a href=#dom-navigator-registerprotocolhandler>registerProtocolHandler()</a></code>
+    method is invoked with a scheme that is neither a
+    <a href=#whitelisted-scheme>whitelisted scheme</a> nor a scheme whose value starts
+    with the substring "<code title="">web+</code>" and otherwise
+    contains only characters in the range U+0061 LATIN SMALL LETTER A
+    to U+007A LATIN SMALL LETTER Z, the user agent must raise
+    <code><a href=#security_err>SECURITY_ERR</a></code> exception.</p>
+
+    <p>The following schemes are the <dfn id=whitelisted-scheme title="whitelisted
+    scheme">whitelisted schemes</dfn>:</p>
+
+    <ul class=brief><li><code title="">irc</code></li>
+     <li><code title="">mailto</code></li>
+     <li><code title="">mms</code></li>
+     <li><code title="">news</code></li>
+     <li><code title="">nntp</code></li>
+     <li><code title="">sms</code></li>
+     <li><code title="">smsto</code></li>
+     <li><code title="">tel</code></li>
+     <li><code title="">urn</code></li>
+     <li><code title="">webcal</code></li>
+    </ul><p class=note>This list can be changed. If there are schemes
+    that should be added, please send feedback.</p>
 
    </dd>
 
@@ -70529,6 +70555,31 @@ <h5 id=custom-handlers><span class=secno>7.5.1.2 </span>Custom scheme and conten
     used by the user agent <em>after</em> the sniffing algorithms have
     been applied.</p>
 
+    <p>If the <code title=dom-navigator-registerContentHandler><a href=#dom-navigator-registercontenthandler>registerContentHandler()</a></code>
+    method is invoked with a <a href=#mime-type>MIME type</a> that is in the
+    <a href=#type-blacklist>type blacklist</a> or that the user agent has deemed a
+    privileged type, the user agent must raise
+    <code><a href=#security_err>SECURITY_ERR</a></code> exception.</p>
+
+    <p>The following <a href=#mime-type title="MIME type">MIME types</a> are in
+    the <dfn id=type-blacklist>type blacklist</dfn>:</p>
+
+    <ul title=brief><li><code><a href=#text/cache-manifest>text/cache-manifest</a></code></li>
+     <li><code>text/css</code></li>
+     <li><code><a href=#text/html-sandboxed>text/html-sandboxed</a></code></li>
+     <li><code><a href=#text/html>text/html</a></code></li>
+     <li><code><a href=#text/ping>text/ping</a></code></li>
+     <li><code>text/plain</code></li>
+     <li><code><a href=#application/x-www-form-urlencoded>application/x-www-form-urlencoded</a></code></li>
+     <li><code>image/gif</code></li>
+     <li><code>image/jpeg</code></li>
+     <li><code>image/png</code></li>
+     <li>All <a href=#xml-mime-type title="XML MIME type">XML MIME types</a></li>
+     <li>All types that the user agent supports displaying natively in a <a href=#browsing-context>browsing context</a> during <a href=#navigate title=navigate>navigation</a></li>
+
+    </ul><p class=note>This list can be changed. If there are schemes
+    that should be added, please send feedback.</p>
+
    </dd>
 
 
@@ -70557,6 +70608,14 @@ <h5 id=custom-handlers><span class=secno>7.5.1.2 </span>Custom scheme and conten
     &lt;query&gt; production defined in RFC 3986 by the
     percent-encoded form of that character. <a href=#refsRFC3986>[RFC3986]</a></p>
 
+    <p>User agents must raise a <code><a href=#syntax_err>SYNTAX_ERR</a></code> exception if
+    the <var title="">url</var> argument passed to one of these
+    methods does not contain the exact literal string
+    "<code>%s</code>", or if <a href=#resolve-a-url title="resolve a
+    url">resolving</a> the <var title="">url</var> argument with
+    the first occurrence of the string "<code title="">%s</code>"
+    removed, relative to the <a href=#entry-script>entry script</a>'s <a href="#script's-base-url" title="script's base URL">base URL</a>, is not successful.</p>
+
     <div class=example>
 
      <p>If the user had visited a site at <code title="">http://example.com/</code> that made the following
@@ -70593,24 +70652,7 @@ <h5 id=custom-handlers><span class=secno>7.5.1.2 </span>Custom scheme and conten
 
    </dd>
 
-  </dl><p>User agents should raise <code><a href=#security_err>SECURITY_ERR</a></code> exceptions if
-  the methods are called with <var title="">scheme</var> or <var title="">mimeType</var> values that the UA deems to be
-  "privileged". For example, a site attempting to register a handler
-  for <code>http</code> URLs or <code><a href=#text/html>text/html</a></code> content in a
-  Web browser would likely cause an exception to be raised.</p>
-
-  <p>User agents must raise a <code><a href=#syntax_err>SYNTAX_ERR</a></code> exception if the
-  <var title="">url</var> argument passed to one of these methods does
-  not contain the exact literal string "<code>%s</code>", or if <a href=#resolve-a-url title="resolve a url">resolving</a> the <var title="">url</var>
-  argument with the first occurrence of the string "<code title="">%s</code>" removed, relative to the <a href=#entry-script>entry
-  script</a>'s <a href="#script's-base-url" title="script's base URL">base URL</a>, is
-  not successful.</p>
-
-  <p>User agents must not raise any other exceptions (other than
-  binding-specific exceptions, such as for an incorrect number of
-  arguments in an JavaScript implementation).</p>
-
-  <p>This section does not define how the pages registered by these
+  </dl><p>This section does not define how the pages registered by these
   methods are used, beyond the requirements on how to process the <var title="">url</var> value (see above). To some extent, the <a href=#navigate title=navigate>processing model for navigating across
   documents</a> defines some cases where these methods are
   relevant, but in general UAs may use this information wherever they
@@ -98304,7 +98346,44 @@ <h3 id=ping-from><span class=secno>17.10 </span><dfn title=http-ping-from><code>
    </dd>
    <dt>Related information</dt>
    <dd>None.</dd>
-  </dl><!--PING--><h2 class=no-num id=index>Index</h2>
+  </dl><!--PING--><h3 id=web+-scheme-prefix><span class=secno>17.12 </span><dfn title=scheme-web><code>web+</code> scheme prefix</dfn></h3>
+
+  <p>This section describes a convention for use with the IANA URI
+  scheme registry. It does not itself register a specific scheme. <a href=#refsRFC4395>[RFC4395]</a></p>
+
+  <dl><dt>URI scheme name</dt>
+   <dd>
+    Schemes starting with the four characters "<code title="">web+</code>" followed by one or more letters in the range
+    <code title="">a</code>-<code title="">z</code>.
+   </dd>
+   <dt>Status</dt>
+   <dd>permanent</dd>
+   <dt>URI scheme syntax</dt>
+   <dd>Scheme-specific.</dd>
+   <dt>URI scheme semantics</dt>
+   <dd>Scheme-specific.</dd>
+   <dt>Encoding considerations</dt>
+   <dd>All "<code title="">web+</code>" schemes should use UTF-8 encodings were relevant.</dd>
+   <dt>Applications/protocols that use this URI scheme name</dt>
+   <dd>Scheme-specific.</dd>
+   <dt>Interoperability considerations</dt>
+   <dd>The scheme is expected to be used in the context of Web applications.</dd>
+   <dt>Security considerations</dt>
+   <dd>
+    Any Web page is able to register a handler for all "<code title="">web+</code>" schemes. As such, these schemes must not be
+    used for features intended to be core platform features (e.g.
+    network transfer protocols like HTTP or FTP). Similarly, such
+    schemes must not store confidential information in their URLs,
+    such as usernames, passwords, personal information, or
+    confidential project names.
+   </dd>
+   <dt>Contact</dt>
+   <dd>Ian Hickson &lt;ian@hixie.ch&gt;</dd>
+   <dt>Author/Change controller</dt>
+   <dd>Ian Hickson &lt;ian@hixie.ch&gt;</dd>
+   <dt>References</dt>
+   <dd>W3C</dd>
+  </dl><h2 class=no-num id=index>Index</h2>
 
   <div class=impl>
 
@@ -101734,6 +101813,9 @@ <h3 class="no-num">Reflecting IDL attributes</h3>
    <dd>(Non-normative) <cite><a href=http://tools.ietf.org/html/rfc4329>Scripting Media
    Types</a></cite>, B. H&ouml;hrmann. IETF.</dd>
 
+   <dt id=refsRFC4395>[RFC4395]</dt>
+   <dd><cite><a href=http://tools.ietf.org/html/rfc4395>Guidelines and Registration Procedures for New URI Schemes</a></cite>, T. Hansen, T. Hardie, L. Masinter. IETF.</dd>
+
    <dt id=refsRFC4648>[RFC4648]</dt>
    <dd><cite><a href=http://tools.ietf.org/html/rfc4648>The Base16,
    Base32, and Base64 Data Encodings</a></cite>, S. Josefsson.
@@ -102187,6 +102269,7 @@ <h3 class="no-num">Reflecting IDL attributes</h3>
   James Craig,
   James Graham,
   James Justin Harrell,
+  James Kozianski,
   James M Snell,
   James Perrett,
   James Robinson,
@@ -102492,6 +102575,7 @@ <h3 class="no-num">Reflecting IDL attributes</h3>
   Wayne Pollock,
   Wellington Fernando de Macedo,
   Weston Ruter,
+  Wilhelm Joys Andersen,
   Will Levine,
   William Swanson,
   Wladimir Palant,