Permalink
Browse files

[e] (0) Explain why gopher isn't on the list

Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=16099
Affected topics: DOM APIs

git-svn-id: http://svn.whatwg.org/webapps@7323 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
1 parent 209f7e1 commit d97799a2a1b4eb08a71d2e0c655ed160a4a182c5 @Hixie Hixie committed Sep 6, 2012
Showing with 30 additions and 0 deletions.
  1. +10 −0 complete.html
  2. +10 −0 index
  3. +10 −0 source
View
@@ -76853,6 +76853,16 @@ <h5 id=custom-handlers><span class=secno>7.5.1.2 </span>Custom scheme and conten
</ul><p class=note>This list can be changed. If there are schemes
that should be added, please send feedback.</p>
+ <p class=note>This list excludes any schemes that could
+ reasonably be expected to be supported inline, e.g. in an
+ <code><a href=#the-iframe-element>iframe</a></code>, such as <code title="">http</code> or (more
+ theoretically) <code title="">gopher</code>. If those were
+ supported, they could potentially be used in man-in-the-middle
+ attacks, by replacing pages that have frames with such content
+ with content under the control of the protocol handler. If the
+ user agent has native support for the schemes, this could further
+ be used for cookie-theft attacks.</p>
+
</dd>
<dt><var title="">mimeType</var> (<code title=dom-navigator-registerContentHandler><a href=#dom-navigator-registercontenthandler>registerContentHandler()</a></code> only)</dt>
View
10 index
@@ -76853,6 +76853,16 @@ interface <dfn id=navigatorcontentutils>NavigatorContentUtils</dfn> {
</ul><p class=note>This list can be changed. If there are schemes
that should be added, please send feedback.</p>
+ <p class=note>This list excludes any schemes that could
+ reasonably be expected to be supported inline, e.g. in an
+ <code><a href=#the-iframe-element>iframe</a></code>, such as <code title="">http</code> or (more
+ theoretically) <code title="">gopher</code>. If those were
+ supported, they could potentially be used in man-in-the-middle
+ attacks, by replacing pages that have frames with such content
+ with content under the control of the protocol handler. If the
+ user agent has native support for the schemes, this could further
+ be used for cookie-theft attacks.</p>
+
</dd>
<dt><var title="">mimeType</var> (<code title=dom-navigator-registerContentHandler><a href=#dom-navigator-registercontenthandler>registerContentHandler()</a></code> only)</dt>
View
10 source
@@ -89834,6 +89834,16 @@ interface <dfn>NavigatorContentUtils</dfn> {
<p class="note">This list can be changed. If there are schemes
that should be added, please send feedback.</p>
+ <p class="note">This list excludes any schemes that could
+ reasonably be expected to be supported inline, e.g. in an
+ <code>iframe</code>, such as <code title="">http</code> or (more
+ theoretically) <code title="">gopher</code>. If those were
+ supported, they could potentially be used in man-in-the-middle
+ attacks, by replacing pages that have frames with such content
+ with content under the control of the protocol handler. If the
+ user agent has native support for the schemes, this could further
+ be used for cookie-theft attacks.</p>
+
</dd>
<dt><var title="">mimeType</var> (<code title="dom-navigator-registerContentHandler">registerContentHandler()</code> only)</dt>

0 comments on commit d97799a

Please sign in to comment.