Skip to content
Permalink
Browse files

[giow] (3) Be more explicit about handing off to external software du…

…ring navigation.

Affected topics: HTML

git-svn-id: http://svn.whatwg.org/webapps@8555 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
Hixie committed Mar 19, 2014
1 parent c0ffd43 commit d2dfde05deea81fed58c63e20719db24e42791d1
Showing with 54 additions and 16 deletions.
  1. +18 −6 complete.html
  2. +18 −6 index
  3. +18 −4 source

<header class=head id=head><p><a href=http://www.whatwg.org/ class=logo><img width=101 src=/images/logo alt=WHATWG height=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 18 March 2014</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 19 March 2014</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>

<li><p>If the new resource is to be handled using a mechanism that does not affect the browsing
context, e.g. ignoring the navigation request altogether because the specified scheme is not one
of the supported protocols, then abort these steps and proceed with that mechanism
instead.</li>
of the supported protocols, then abort these steps and <a href=#hand-off-to-external-software title="hand-off to external
software">proceed with that mechanism instead</a>.</li>

<li>


<li><p>Otherwise, the document's <var title="">type</var> is such that the resource will not
affect the browsing context, e.g. because the resource is to be handed to an external application
or because it is an unknown type that will be processed <a href=#as-a-download>as a download</a>. Process the
resource appropriately.</p>
or because it is an unknown type that will be processed <a href=#as-a-download>as a download</a>. <a href=#hand-off-to-external-software title="hand-off to external software">Process the resource appropriately</a>.</p>

</ol><p>When a resource is handled by <dfn id=hand-off-to-external-software title="hand-off to external software">passing its URL or
data to an external software package</dfn> separate from the user agent (e.g. handing a <code title="">mailto:</code> URL to a mail client, or a Word document to a word processor), user
agents should attempt to mitigate the risk that this is an attempt to exploit the target software,
e.g. by prompting the user to confirm that the <a href=#source-browsing-context>source browsing context</a>'s <a href=#active-document>active
document</a>'s <a href=#origin>origin</a> is to be allowed to invoke the specified software. In
particular, if the <a href=#navigate>navigate</a> algorithm, when it was invoked, was not <a href=#allowed-to-show-a-popup>allowed to
show a popup</a>, the user agent should not invoke the external software package without prior
user confirmation.</p>

<p class=example>For example, there could be a vulnerability in the target software's URL
handler which a hostile page would attempt to exploit by tricking a user into clicking a link.</p>

</ol><hr><p>Some of the sections below, to which the above algorithm defers in certain cases, require the
<hr><p>Some of the sections below, to which the above algorithm defers in certain cases, require the
user agent to <dfn id=update-the-session-history-with-the-new-page>update the session history with the new page</dfn>. When a user agent is
required to do this, it must <a href=#queue-a-task>queue a task</a> (associated with the <code><a href=#document>Document</a></code>
object of the <a href=#current-entry>current entry</a>, not the new one) to run the following steps:</p>
Lobotom Dysmon,
Logan<!-- on moz irc -->,
Loune,
&Lstrok;ukasz Pilorz,
Luke Kenneth Casson Leighton,
Maciej Stachowiak,
Magnus Kristiansen<!-- Dashiva -->,
24 index

<header class=head id=head><p><a href=http://www.whatwg.org/ class=logo><img width=101 src=/images/logo alt=WHATWG height=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 18 March 2014</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 19 March 2014</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>

<li><p>If the new resource is to be handled using a mechanism that does not affect the browsing
context, e.g. ignoring the navigation request altogether because the specified scheme is not one
of the supported protocols, then abort these steps and proceed with that mechanism
instead.</li>
of the supported protocols, then abort these steps and <a href=#hand-off-to-external-software title="hand-off to external
software">proceed with that mechanism instead</a>.</li>

<li>


<li><p>Otherwise, the document's <var title="">type</var> is such that the resource will not
affect the browsing context, e.g. because the resource is to be handed to an external application
or because it is an unknown type that will be processed <a href=#as-a-download>as a download</a>. Process the
resource appropriately.</p>
or because it is an unknown type that will be processed <a href=#as-a-download>as a download</a>. <a href=#hand-off-to-external-software title="hand-off to external software">Process the resource appropriately</a>.</p>

</ol><p>When a resource is handled by <dfn id=hand-off-to-external-software title="hand-off to external software">passing its URL or
data to an external software package</dfn> separate from the user agent (e.g. handing a <code title="">mailto:</code> URL to a mail client, or a Word document to a word processor), user
agents should attempt to mitigate the risk that this is an attempt to exploit the target software,
e.g. by prompting the user to confirm that the <a href=#source-browsing-context>source browsing context</a>'s <a href=#active-document>active
document</a>'s <a href=#origin>origin</a> is to be allowed to invoke the specified software. In
particular, if the <a href=#navigate>navigate</a> algorithm, when it was invoked, was not <a href=#allowed-to-show-a-popup>allowed to
show a popup</a>, the user agent should not invoke the external software package without prior
user confirmation.</p>

<p class=example>For example, there could be a vulnerability in the target software's URL
handler which a hostile page would attempt to exploit by tricking a user into clicking a link.</p>

</ol><hr><p>Some of the sections below, to which the above algorithm defers in certain cases, require the
<hr><p>Some of the sections below, to which the above algorithm defers in certain cases, require the
user agent to <dfn id=update-the-session-history-with-the-new-page>update the session history with the new page</dfn>. When a user agent is
required to do this, it must <a href=#queue-a-task>queue a task</a> (associated with the <code><a href=#document>Document</a></code>
object of the <a href=#current-entry>current entry</a>, not the new one) to run the following steps:</p>
Lobotom Dysmon,
Logan<!-- on moz irc -->,
Loune,
&Lstrok;ukasz Pilorz,
Luke Kenneth Casson Leighton,
Maciej Stachowiak,
Magnus Kristiansen<!-- Dashiva -->,
22 source

<li><p>If the new resource is to be handled using a mechanism that does not affect the browsing
context, e.g. ignoring the navigation request altogether because the specified scheme is not one
of the supported protocols, then abort these steps and proceed with that mechanism
instead.</p></li>
of the supported protocols, then abort these steps and <span data-x="hand-off to external
software">proceed with that mechanism instead</span>.</p></li>

<li>


<li><p>Otherwise, the document's <var data-x="">type</var> is such that the resource will not
affect the browsing context, e.g. because the resource is to be handed to an external application
or because it is an unknown type that will be processed <span>as a download</span>. Process the
resource appropriately.</p>
or because it is an unknown type that will be processed <span>as a download</span>. <span
data-x="hand-off to external software">Process the resource appropriately</span>.</p>

</ol>

<p>When a resource is handled by <dfn data-x="hand-off to external software">passing its URL or
data to an external software package</dfn> separate from the user agent (e.g. handing a <code
data-x="">mailto:</code> URL to a mail client, or a Word document to a word processor), user
agents should attempt to mitigate the risk that this is an attempt to exploit the target software,
e.g. by prompting the user to confirm that the <span>source browsing context</span>'s <span>active
document</span>'s <span>origin</span> is to be allowed to invoke the specified software. In
particular, if the <span>navigate</span> algorithm, when it was invoked, was not <span>allowed to
show a popup</span>, the user agent should not invoke the external software package without prior
user confirmation.</p>

<p class="example">For example, there could be a vulnerability in the target software's URL
handler which a hostile page would attempt to exploit by tricking a user into clicking a link.</p>

<hr>

<p>Some of the sections below, to which the above algorithm defers in certain cases, require the
Lobotom Dysmon,
Logan<!-- on moz irc -->,
Loune,
&#x0141;ukasz Pilorz,
Luke Kenneth Casson Leighton,
Maciej Stachowiak,
Magnus Kristiansen<!-- Dashiva -->,

0 comments on commit d2dfde0

Please sign in to comment.
You can’t perform that action at this time.