Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[giow] (3) Be more explicit about handing off to external software du…
…ring navigation.

Affected topics: HTML

git-svn-id: http://svn.whatwg.org/webapps@8555 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
Hixie committed Mar 19, 2014
1 parent c0ffd43 commit d2dfde0
Show file tree
Hide file tree
Showing 3 changed files with 54 additions and 16 deletions.
24 changes: 18 additions & 6 deletions complete.html
Expand Up @@ -298,7 +298,7 @@

<header class=head id=head><p><a href=http://www.whatwg.org/ class=logo><img width=101 src=/images/logo alt=WHATWG height=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 18 March 2014</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 19 March 2014</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
Expand Down Expand Up @@ -67988,8 +67988,8 @@ <h4 id=navigating-across-documents><span class=secno>6.6.1 </span>Navigating acr

<li><p>If the new resource is to be handled using a mechanism that does not affect the browsing
context, e.g. ignoring the navigation request altogether because the specified scheme is not one
of the supported protocols, then abort these steps and proceed with that mechanism
instead.</li>
of the supported protocols, then abort these steps and <a href=#hand-off-to-external-software title="hand-off to external
software">proceed with that mechanism instead</a>.</li>

<li>

Expand Down Expand Up @@ -68453,10 +68453,21 @@ <h4 id=navigating-across-documents><span class=secno>6.6.1 </span>Navigating acr

<li><p>Otherwise, the document's <var title="">type</var> is such that the resource will not
affect the browsing context, e.g. because the resource is to be handed to an external application
or because it is an unknown type that will be processed <a href=#as-a-download>as a download</a>. Process the
resource appropriately.</p>
or because it is an unknown type that will be processed <a href=#as-a-download>as a download</a>. <a href=#hand-off-to-external-software title="hand-off to external software">Process the resource appropriately</a>.</p>

</ol><p>When a resource is handled by <dfn id=hand-off-to-external-software title="hand-off to external software">passing its URL or
data to an external software package</dfn> separate from the user agent (e.g. handing a <code title="">mailto:</code> URL to a mail client, or a Word document to a word processor), user
agents should attempt to mitigate the risk that this is an attempt to exploit the target software,
e.g. by prompting the user to confirm that the <a href=#source-browsing-context>source browsing context</a>'s <a href=#active-document>active
document</a>'s <a href=#origin>origin</a> is to be allowed to invoke the specified software. In
particular, if the <a href=#navigate>navigate</a> algorithm, when it was invoked, was not <a href=#allowed-to-show-a-popup>allowed to
show a popup</a>, the user agent should not invoke the external software package without prior
user confirmation.</p>

<p class=example>For example, there could be a vulnerability in the target software's URL
handler which a hostile page would attempt to exploit by tricking a user into clicking a link.</p>

</ol><hr><p>Some of the sections below, to which the above algorithm defers in certain cases, require the
<hr><p>Some of the sections below, to which the above algorithm defers in certain cases, require the
user agent to <dfn id=update-the-session-history-with-the-new-page>update the session history with the new page</dfn>. When a user agent is
required to do this, it must <a href=#queue-a-task>queue a task</a> (associated with the <code><a href=#document>Document</a></code>
object of the <a href=#current-entry>current entry</a>, not the new one) to run the following steps:</p>
Expand Down Expand Up @@ -104659,6 +104670,7 @@ <h2 class=no-num id=references>References</h2><!--REFS-->
Lobotom Dysmon,
Logan<!-- on moz irc -->,
Loune,
&Lstrok;ukasz Pilorz,
Luke Kenneth Casson Leighton,
Maciej Stachowiak,
Magnus Kristiansen<!-- Dashiva -->,
Expand Down
24 changes: 18 additions & 6 deletions index
Expand Up @@ -298,7 +298,7 @@

<header class=head id=head><p><a href=http://www.whatwg.org/ class=logo><img width=101 src=/images/logo alt=WHATWG height=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 18 March 2014</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 19 March 2014</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
Expand Down Expand Up @@ -67988,8 +67988,8 @@ State: &lt;OUTPUT NAME=I&gt;1&lt;/OUTPUT&gt; &lt;INPUT VALUE="Increment" TYPE=BU

<li><p>If the new resource is to be handled using a mechanism that does not affect the browsing
context, e.g. ignoring the navigation request altogether because the specified scheme is not one
of the supported protocols, then abort these steps and proceed with that mechanism
instead.</li>
of the supported protocols, then abort these steps and <a href=#hand-off-to-external-software title="hand-off to external
software">proceed with that mechanism instead</a>.</li>

<li>

Expand Down Expand Up @@ -68453,10 +68453,21 @@ State: &lt;OUTPUT NAME=I&gt;1&lt;/OUTPUT&gt; &lt;INPUT VALUE="Increment" TYPE=BU

<li><p>Otherwise, the document's <var title="">type</var> is such that the resource will not
affect the browsing context, e.g. because the resource is to be handed to an external application
or because it is an unknown type that will be processed <a href=#as-a-download>as a download</a>. Process the
resource appropriately.</p>
or because it is an unknown type that will be processed <a href=#as-a-download>as a download</a>. <a href=#hand-off-to-external-software title="hand-off to external software">Process the resource appropriately</a>.</p>

</ol><p>When a resource is handled by <dfn id=hand-off-to-external-software title="hand-off to external software">passing its URL or
data to an external software package</dfn> separate from the user agent (e.g. handing a <code title="">mailto:</code> URL to a mail client, or a Word document to a word processor), user
agents should attempt to mitigate the risk that this is an attempt to exploit the target software,
e.g. by prompting the user to confirm that the <a href=#source-browsing-context>source browsing context</a>'s <a href=#active-document>active
document</a>'s <a href=#origin>origin</a> is to be allowed to invoke the specified software. In
particular, if the <a href=#navigate>navigate</a> algorithm, when it was invoked, was not <a href=#allowed-to-show-a-popup>allowed to
show a popup</a>, the user agent should not invoke the external software package without prior
user confirmation.</p>

<p class=example>For example, there could be a vulnerability in the target software's URL
handler which a hostile page would attempt to exploit by tricking a user into clicking a link.</p>

</ol><hr><p>Some of the sections below, to which the above algorithm defers in certain cases, require the
<hr><p>Some of the sections below, to which the above algorithm defers in certain cases, require the
user agent to <dfn id=update-the-session-history-with-the-new-page>update the session history with the new page</dfn>. When a user agent is
required to do this, it must <a href=#queue-a-task>queue a task</a> (associated with the <code><a href=#document>Document</a></code>
object of the <a href=#current-entry>current entry</a>, not the new one) to run the following steps:</p>
Expand Down Expand Up @@ -104659,6 +104670,7 @@ if (s = prompt('What is your name?')) {
Lobotom Dysmon,
Logan<!-- on moz irc -->,
Loune,
&Lstrok;ukasz Pilorz,
Luke Kenneth Casson Leighton,
Maciej Stachowiak,
Magnus Kristiansen<!-- Dashiva -->,
Expand Down
22 changes: 18 additions & 4 deletions source
Expand Up @@ -75804,8 +75804,8 @@ State: &lt;OUTPUT NAME=I>1&lt;/OUTPUT> &lt;INPUT VALUE="Increment" TYPE=BUTTON O

<li><p>If the new resource is to be handled using a mechanism that does not affect the browsing
context, e.g. ignoring the navigation request altogether because the specified scheme is not one
of the supported protocols, then abort these steps and proceed with that mechanism
instead.</p></li>
of the supported protocols, then abort these steps and <span data-x="hand-off to external
software">proceed with that mechanism instead</span>.</p></li>

<li>

Expand Down Expand Up @@ -76318,11 +76318,24 @@ State: &lt;OUTPUT NAME=I>1&lt;/OUTPUT> &lt;INPUT VALUE="Increment" TYPE=BUTTON O

<li><p>Otherwise, the document's <var data-x="">type</var> is such that the resource will not
affect the browsing context, e.g. because the resource is to be handed to an external application
or because it is an unknown type that will be processed <span>as a download</span>. Process the
resource appropriately.</p>
or because it is an unknown type that will be processed <span>as a download</span>. <span
data-x="hand-off to external software">Process the resource appropriately</span>.</p>

</ol>

<p>When a resource is handled by <dfn data-x="hand-off to external software">passing its URL or
data to an external software package</dfn> separate from the user agent (e.g. handing a <code
data-x="">mailto:</code> URL to a mail client, or a Word document to a word processor), user
agents should attempt to mitigate the risk that this is an attempt to exploit the target software,
e.g. by prompting the user to confirm that the <span>source browsing context</span>'s <span>active
document</span>'s <span>origin</span> is to be allowed to invoke the specified software. In
particular, if the <span>navigate</span> algorithm, when it was invoked, was not <span>allowed to
show a popup</span>, the user agent should not invoke the external software package without prior
user confirmation.</p>

<p class="example">For example, there could be a vulnerability in the target software's URL
handler which a hostile page would attempt to exploit by tricking a user into clicking a link.</p>

<hr>

<p>Some of the sections below, to which the above algorithm defers in certain cases, require the
Expand Down Expand Up @@ -116892,6 +116905,7 @@ if (s = prompt('What is your name?')) {
Lobotom Dysmon,
Logan<!-- on moz irc -->,
Loune,
&#x0141;ukasz Pilorz,
Luke Kenneth Casson Leighton,
Maciej Stachowiak,
Magnus Kristiansen<!-- Dashiva -->,
Expand Down

0 comments on commit d2dfde0

Please sign in to comment.