/
draft-holsten-about-uri-scheme-07.txt
504 lines (296 loc) · 16.9 KB
/
draft-holsten-about-uri-scheme-07.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
Network Working Group J. Holsten
Internet-Draft
Intended status: Standards Track L. Hunt
Expires: May 5, 2011 Opera Software, ASA.
M. Yevstifeyev
November 2010
The 'about' URI scheme
draft-holsten-about-uri-scheme-07
Abstract
This document specifies the "about" URI scheme, that may be used by
the applications for almost any desired purpose, such as providing
access to application information, settings, preferences, etc. This
URI scheme has been used by many web browsers for quite a long time
informally, i. e. without being documented; this document is to
remove such uncertainty and give this scheme an official
specification.
Editorial Note (To be removed by RFC Editor)
Discussion of this draft should take place on the URI Review mailing
list (uri-review@ietf.org).
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 5, 2011.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
Holsten, et al. Expires May 5, 2011 [Page 1]
Internet-Draft The 'about' URI scheme November 2010
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
1. Introduction
This document specifies the "about" URI scheme, that may be used by
the applications for almost any desired purpose, such as providing
access to application information, settings, preferences, and even so
called "Easter eggs" (i. e. intentional hidden message, in-joke or
feature in the application; see [EASTER-EGGS]). It does not put any
limit on the type of the information, it designates the access to.
While any number of existing schemes could be used to identify such
resources, "about" URI has become the de facto standard. The "about"
URI scheme has been used by many applications for quite a long time
informally. They include such well-known browsers as Microsoft
Internet Explorer, Mozilla Firefox, Safari as well as less popular
Google Chrome, Konqueror and many others. However during this time
the "about" URI scheme have not been given any specification, either
published as RFC or in any other way. This document is to remove
such uncertainty and give this scheme an official specification and
registration. It also established the IANA registry for "about" URIs
segment tokens.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. URI Syntax
The general syntax of an "about" URI takes the form of "abouturi"
rule below, that is defined using ABNF [RFC5234]:
abouturi = "about:" segment [ "?" query ]
where "segment" and "query" are defined in [RFC3986].
Holsten, et al. Expires May 5, 2011 [Page 2]
Internet-Draft The 'about' URI scheme November 2010
4. Encoding Considerations
Because many characters are not permitted with the syntax, described
above, the "segment" and "query" elements MAY contain characters from
the Unicode Character Set [UCS] as suggested by URI [RFC3986], by
first encoding those characters as octets to the UTF-8 character
encoding [RFC3629]; those octets that correspond to characters in the
unreserved set [RFC3986] SHOULD be percent-encoded.
By using UTF-8 encoding, there are no known compatibility issues with
mapping Internationalized Resource Identifiers to "about" URIs
according to [RFC3987]. Since "about" URIs do not use domain names,
"ireg-name" conversion is unnecessary.
5. Resolving "about" URIs
All "about" URIs are categorised in three ways:
Reservation A reserved "about" URI is one that is claimed and
defined by a specification for use in a specific context.
Resolution Reserved "about" URIs MAY be defined as resolvable,
meaning that they resolve to a defined resource, even outside of
their defined usage context.
Recognition This relates to whether or not a given application
recognises a given URI and knows how to resolve it to a particular
resource.
The division of "about" URIs into the reservation and resolution
categories is per-fact while the recognition per-application.
Therefore, while an "about" URI may be classified as, for example,
reserved and resolvable, it may be not be recognized by all
applications.
5.1. Reservation
A reserved "about" URI is one that is claimed and defined by a
specification for use in a specific context. A reserved "about" URI
MUST be defined as either resolvable or unresolvable.
An unreserved "about" URI is any other "about" URI that is not
defined by a specification for use in a specific context, but which
MAY be recognized by an application.
Holsten, et al. Expires May 5, 2011 [Page 3]
Internet-Draft The 'about' URI scheme November 2010
5.1.1. about:blank
The "about" URI with the segment equal to "blank" and no query
component is reserved by this specification as resolvable. i.e.
"about:blank". Applications resolving the URI "about:blank" MUST
return a resource of zero length, containing no data, with the media
type "text/html" and the character encoding "UTF-8".
Note: If a query component is provided with "about:blank", such as
"about:blank?" or "about:blank?foo", then the URI is not considered
to be reserved by this specification.
5.2. Resolution
A reserved "about" URI defined as resolvable means that a conforming
implementation must resolve the given URI as defined in any context.
For example, if a web browser recognises a reserved and resolvable
URI, and a user enters that URI into the address bar, the web browser
would resolve the URI and return the resource to the user, as defined
by the specification that reserved it.
A reserved "about" URI defined as unresolveable means that there is
no defined resolution process for the URI that applies outside of the
specific context for which it is reserved. An implementation MAY
attempt to resolve the URI in an implementation-specific manner.
For example, the about:legacy-compat URI that is reserved by HTML
[HTML] for use in a legacy-parser compatible HTML DOCTYPE is defined
as unresolveable. If a user enters it into the address bar of their
browser, the browser MAY return any implementation-specific resource.
5.3. Recognition
A recognised "about" URI is an "about" URI that recognized by an
application. Applications that recognise reserved and resolvable
URIs MUST use the defined resolution process. Applications that
recognise unreserved or unresolvable URIs MAY resolve the URI in an
implementation-specific manner.
Applications MAY recognise and resolve any unreserved "about" URI, or
any reserved but unresolvable "about" URI used outside of its defined
context, to any resource, either internal or external, or redirect to
an alternative URI.
An unrecognized "about" URI is an "about" URI that is not recognized
by an application. Applications SHOULD resolve unrecognized "about"
URIs in the same way as "about:blank".
Holsten, et al. Expires May 5, 2011 [Page 4]
Internet-Draft The 'about' URI scheme November 2010
Note: As "about" URIs are designed to be internal to each
application, there is no expectation of any unreserved or
unresolvable URI returning the same resource among different
applications. However, it is worth noting that some conventions have
arisen for providing particular functionality via common "about"
URIs.
Historical note: Early versions of Netscape and Microsoft Internet
Explorer resolved unreserved "about" URIs in the following way: they
just displayed the text after "about:", treating it as HTML document.
However currently these applications refused such behavior.
5.4. Examples
The following examples illustrate some known URIs supported by
existing applications. They are not guaranteed to be resolvable by
every application.
about:config Commonly provides access to application preferences and
settings
about:cache Commonly provides access to information about resources
stored in the browsers cache. Current Mozilla Firefox
implementations also accept a query string to specify a specific
device to show more information about. e.g. about:
cache?device=offline provides details about the offline cache.
about:plugins Commonly provides access to information about
installed plugins
about:mozilla An easter egg supported by Mozilla showing a passage
from the fictional Book of Mozilla [MOZILLA-BOOK]
Applications are also permitted to redirect such URIs. For example,
Opera redirects all "about" URIs, with the exception of
"about:blank", to the equivalent URI using their internal "opera:"
scheme. e.g. "about:config" redirects to "opera:config".
This is not an exhaustive list. Many more are supported by numerous
applications. For more examples, consult Wikipedia's entry on the
"about: URI Scheme" [WIKIABOUT].
6. Normalization
"about" URIs use the standard URI normalization rules [RFC3986],
specifically Simple String Comparison, Case Normalization, and
Percent-Encoding Normalization. For example, "about:blank",
"about:blan%6B" and "about:blan%6b" are equivalent, though the
Holsten, et al. Expires May 5, 2011 [Page 5]
Internet-Draft The 'about' URI scheme November 2010
percent-encoded forms are discouraged.
Note that these normalization rules apply only to the case of
application built-in resolution of 'about' URIs, i.e. "about:blan%6B"
and "about:blank" SHALL be resolved in the same way. Other cases of
these URIs usage would require other normalization rules.
7. Security Considerations
"about" URIs might identify resources that reveal sensitive
information. Applications SHOULD ensure appropriate restrictions are
in place to protect such information from access or modification by
untrusted sources.
Implementations SHOULD also take note of the security considerations
described by [RFC3986]. In particular, the following issues SHOULD
be considered:
Reliability and Consistency: Implementations are responsible for the
reliability and consistency of the resources returned. However,
implementations SHOULD take care with "about" URIs that might
redirect to, or otherwise return a resource that might
subsequently access, remote resources, which might not be reliable
or consistent.
Malicious Construction: Implementations SHOULD take care to prevent
the construction of "about" URIs that might inadvertently perform
damaging local or remote operations, such as the modification of
data, or leaking of data to untrusted resources. For example,
incorporating unsanitised data provided by the user via the query
string into the resulting page could allow attackers to inject
scripts into pages, similar to a cross-site scripting (XSS)
attack.
Sensitive Information: Implementations SHOULD avoid including
sensitive information, such as passwords, within "about" URIs.
The security considerations for Rare IP Address Formats and Semantic
Attacks, as discussed by [RFC3986] do not apply to about URIs, as
they do not contain either IP addresses nor userinfo components.
8. IANA Considerations
This specification requests the IANA provisionally register the
"about" URI scheme as specified in this document and summarized in
the following template, per [RFC4395]:
Holsten, et al. Expires May 5, 2011 [Page 6]
Internet-Draft The 'about' URI scheme November 2010
URI scheme name: about
Status: Permanent
URI scheme syntax: See RFCXXXX, Section 3
URI scheme semantics: See RFCXXXX, Section 1
Encoding considerations: Percent-encoding is allowed in "segment"
and "query" components. Internationalization is handled by IRI
processing. See Section 4.
Intended usage: An "about" URI is designed to be used internally by
applications for almost any desired purpose. See RFCXXXX,
Section 1
Applications and/or protocols that use this URI scheme name: Any
applications that use URIs as identifiers for private resources,
such as web browsers.
Interoperability considerations: Applications are only REQUIRED to
support "about:blank", and MAY choose to interpret other "about"
URIs differently.
Security considerations: Applications SHOULD ensure appropriate
restrictions are in place to protect sensitive information that
might be revealed by "about" URIs from access or modification by
untrusted sources. See RFCXXXX, Section 7.
Relevant publications: RFCXXXX
Contact: Joseph Holsten (joseph@josephholsten.com)
Author/Change controller: W3C
9. Acknowledgements
This document was made possible thanks to the input of Henri Sivonen,
Ian Hickson, Larry Masinter, Bjoern Hoehrmann, Martin Durst and
Julian Reschke.
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
Holsten, et al. Expires May 5, 2011 [Page 7]
Internet-Draft The 'about' URI scheme November 2010
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter,
"Uniform Resource Identifier (URI): Generic Syntax",
STD 66, RFC 3986, January 2005.
[RFC3987] Duerst, M. and M. Suignard, "Internationalized
Resource Identifiers (IRIs)", RFC 3987, January 2005.
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234,
January 2008.
[UCS] International Organization for Standardization,
"Information Technology - Universal Multiple-Octet
Coded Character Set (UCS)", ISO/IEC Standard 10646,
December 2003.
10.2. Informative References
[EASTER-EGGS] Wikipedia, The Free Encyclopedia, "Easter egg
(media)", April 2011.
[HTML] W3C, "HTML5", April 2011.
[MOZILLA-BOOK] Wikipedia, The Free Encyclopedia, "The Book of
Mozilla", March 2011.
[RFC4395] Hansen, T., Hardie, T., and L. Masinter, "Guidelines
and Registration Procedures for New URI Schemes",
BCP 35, RFC 4395, February 2006.
[WIKIABOUT] Wikipedia, The Free Encyclopedia, "About: URI
scheme", April 2011.
Authors' Addresses
Joseph Anthony Pasquale Holsten
EMail: joseph@josephholsten.com
URI: http://josephholsten.com
Holsten, et al. Expires May 5, 2011 [Page 8]
Internet-Draft The 'about' URI scheme November 2010
Lachlan Hunt
Opera Software, ASA.
EMail: lachlan.hunt@lachy.id.au
URI: http://lachy.id.au/
Mykyta Yevstifeyev
EMail: evnikita2@gmail.com
Holsten, et al. Expires May 5, 2011 [Page 9]