[e] (0) Explain why gopher isn't on the list

Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=16099 Affected topics: DOM APIs git-svn-id: http://svn.whatwg.org/webapps@7323 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Sep 6, 2012 · d97799a · d97799a
1 parent 209f7e1
commit d97799a
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 0 deletions.
diff --git a/complete.html b/complete.html
@@ -76853,6 +76853,16 @@ <h5 id=custom-handlers><span class=secno>7.5.1.2 </span>Custom scheme and conten
     </ul><p class=note>This list can be changed. If there are schemes
     that should be added, please send feedback.</p>
 
+    <p class=note>This list excludes any schemes that could
+    reasonably be expected to be supported inline, e.g. in an
+    <code><a href=#the-iframe-element>iframe</a></code>, such as <code title="">http</code> or (more
+    theoretically) <code title="">gopher</code>. If those were
+    supported, they could potentially be used in man-in-the-middle
+    attacks, by replacing pages that have frames with such content
+    with content under the control of the protocol handler. If the
+    user agent has native support for the schemes, this could further
+    be used for cookie-theft attacks.</p>
+
    </dd>
 
    <dt><var title="">mimeType</var> (<code title=dom-navigator-registerContentHandler><a href=#dom-navigator-registercontenthandler>registerContentHandler()</a></code> only)</dt>

diff --git a/index b/index
@@ -76853,6 +76853,16 @@ interface <dfn id=navigatorcontentutils>NavigatorContentUtils</dfn> {
     </ul><p class=note>This list can be changed. If there are schemes
     that should be added, please send feedback.</p>
 
+    <p class=note>This list excludes any schemes that could
+    reasonably be expected to be supported inline, e.g. in an
+    <code><a href=#the-iframe-element>iframe</a></code>, such as <code title="">http</code> or (more
+    theoretically) <code title="">gopher</code>. If those were
+    supported, they could potentially be used in man-in-the-middle
+    attacks, by replacing pages that have frames with such content
+    with content under the control of the protocol handler. If the
+    user agent has native support for the schemes, this could further
+    be used for cookie-theft attacks.</p>
+
    </dd>
 
    <dt><var title="">mimeType</var> (<code title=dom-navigator-registerContentHandler><a href=#dom-navigator-registercontenthandler>registerContentHandler()</a></code> only)</dt>

diff --git a/source b/source
@@ -89834,6 +89834,16 @@ interface <dfn>NavigatorContentUtils</dfn> {
     <p class="note">This list can be changed. If there are schemes
     that should be added, please send feedback.</p>
 
+    <p class="note">This list excludes any schemes that could
+    reasonably be expected to be supported inline, e.g. in an
+    <code>iframe</code>, such as <code title="">http</code> or (more
+    theoretically) <code title="">gopher</code>. If those were
+    supported, they could potentially be used in man-in-the-middle
+    attacks, by replacing pages that have frames with such content
+    with content under the control of the protocol handler. If the
+    user agent has native support for the schemes, this could further
+    be used for cookie-theft attacks.</p>
+
    </dd>
 
    <dt><var title="">mimeType</var> (<code title="dom-navigator-registerContentHandler">registerContentHandler()</code> only)</dt>