Bug 60322

Summary: Implement whitelist for registerProtocolHandler
Product: WebKit Reporter: James Kozianski <koz>
Component: New BugsAssignee: James Kozianski <koz>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, ap, eric, ian, rektide
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch eric: review+, abarth: commit-queue-

Description James Kozianski 2011-05-05 17:12:20 PDT 
Implement whitelist for registerProtocolHandler
Comment 1 James Kozianski 2011-05-05 17:13:56 PDT 
Created attachment 92507 [details]
Patch
Comment 2 Eric Seidel (no email) 2011-05-11 19:55:36 PDT 
Comment on attachment 92507 [details]
Patch

Seems reasonable.
Comment 3 Adam Barth 2011-05-11 20:11:00 PDT 
Comment on attachment 92507 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=92507&action=review

> Source/WebCore/page/Navigator.cpp:236
> +    if (scheme.startsWith("web+")) {

Is there a spec for this scheme prefix?  This feels like the kind of thing that would make IETFers go bananas.
Comment 4 Adam Barth 2011-05-11 20:13:08 PDT 
I see.  It was hixie's idea.
Comment 5 James Kozianski 2011-05-26 18:17:45 PDT 
Committed r87459: <http://trac.webkit.org/changeset/87459>
Comment 6 rektide 2011-06-09 11:48:18 PDT 
Why was this patch done?  Is it part of any spec?  It mutes the ability of registerProtocolHandler to extend the web, and strikes me as a drastic overreaction to the need for a protective black-list.

Mega :(