Add FTP related protocols to the registerProtocolHandler safelist.

[asankah]

Closes #6583

• At least two implementers are interested (and none opposed):
  • Chromium (https://groups.google.com/a/chromium.org/g/blink-dev/c/ABhlioapE0E/m/xcPa0oGIAAAJ)
  • Firefox (Adding FTP related protocols to the registerProtocolHandler safelist.  mozilla/standards-positions#513)
  • WebKit is N/A due to not supporting registerProtocolHandler.
• Tests are written and can be reviewed and commented upon at:
  • (Tests included in https://chromium-review.googlesource.com/c/chromium/src/+/2826871 and will be upstreamed once that change is accepted.)
• Implementation bugs are filed:
  • Chrome: https://bugs.chromium.org/p/chromium/issues/detail?id=1199027
  • Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1705202
  • WebKit: (No support for registerProtocolHandler)

(See WHATWG Working Mode: Changes for more details.)

---

/system-state.html ( diff )

---

/acknowledgements.html ( diff )
/system-state.html ( diff )

[asankah]

Adding @domenic as well.

I updated the PR description to reflect that Firefox has reacted positively to the proposed change.

[annevk]

In the discussion with @valenting you mentioned removing credentials. Is that something you ended up pursuing? If so, it should probably be part of the standard, no? (Although I suppose we can only really do it for ftp, I'm not sure if that makes sense then.)

[domenic]

Yes, per the change in https://chromium-review.googlesource.com/c/chromium/src/+/2826871 it looks like that is what was implemented. @asankah can you update this PR to specify that behavior?

[domenic]

@asankah ping on updating the PR to match what Chromium does.

[asankah]

@domenic @annevk I looked at adding it, but the spec already contains the following text:

Leaking credentials. User agents must never send username or password information in the URLs that are escaped and included sent to the handler sites.

This already captures what was agreed upon regarding how ftp/ftps/sftp should be handled.

[annevk]

@asankah the ask is to make that explicit in the processing model. And perhaps it should be exclusively in the processing model, as it's not clear if that note also applies to mailto:username@server.example for instance (it shouldn't, because that would make the feature useless).

[asankah]

@annevk Ohh. Gotcha. I'll update the patch to address that.

[annevk]

Hey @asankah, is this still on your radar? We've been thinking of shipping this behavior in Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1705202.

cc @valenting

[hamishwillee]

@asankah @annevk Any more news on this? I'm hoping to update the MDN documentation, but if https://bugzilla.mozilla.org/show_bug.cgi?id=1705202 goes in and this PR does not then I will need to update browser compatibility data in a more complicated way, as this will end up being non-spec behavior in a released platform

[asankah]

Whoops. Yeah, on it.

[domenic]

The rebase appears to have gone poorly, could you retry?

[asankah]

Note that I removed the Leaking Credentials section since it is addressed in the processing steps.

The part about resources that may require credentials is, I believe, addressed in the "Leaking private data" section which warns about private URLs in general.

[domenic]

LGTM. Will give it a day in case @annevk wants to do an additional review.

[hamishwillee]

@domenic No comment from @annevk - should this go in?