Summary: | Implement whitelist for registerProtocolHandler | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | James Kozianski <koz> | ||||
Component: | New Bugs | Assignee: | James Kozianski <koz> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | abarth, ap, eric, ian, rektide | ||||
Priority: | P2 | ||||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Attachments: |
|
Description
James Kozianski
2011-05-05 17:12:20 PDT
Created attachment 92507 [details]
Patch
Comment on attachment 92507 [details]
Patch
Seems reasonable.
Comment on attachment 92507 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=92507&action=review > Source/WebCore/page/Navigator.cpp:236 > + if (scheme.startsWith("web+")) { Is there a spec for this scheme prefix? This feels like the kind of thing that would make IETFers go bananas. I see. It was hixie's idea. Committed r87459: <http://trac.webkit.org/changeset/87459> Why was this patch done? Is it part of any spec? It mutes the ability of registerProtocolHandler to extend the web, and strikes me as a drastic overreaction to the need for a protective black-list. Mega :( |