From bd51c8dd67f33f3ceb79059a1f0a27740407e3c2 Mon Sep 17 00:00:00 2001
From: Asanka Herath Assert: inputURL's scheme is
normalizedScheme. Set the username given inputURL and
+ the empty string. Set the password given inputURL and
+ the empty string. Let inputURLString be the serialization of inputURL.
bitcoin
ftp
ftps
geo
im
irc
news
nntp
openpgp4fpr
sftp
sip
sms
smsto
Leaking credentials. User agents must never send username or password - information in the URLs that are escaped and included sent to the handler sites. User agents may - even avoid attempting to pass to web-based handlers the URLs of resources that are known to - require authentication to access, as such sites would be unable to access the resources in - question without prompting the user for credentials themselves (a practice that would require the - user to know whether to trust the third-party handler, a decision many users are unable to make or - even understand).
-Interface interference. User agents should be prepared to handle intentionally long arguments to the methods. For example, if the user interface exposed consists of an "accept" button and a "deny" button, with the "accept" binding containing the name of the handler, it's @@ -127503,6 +127504,7 @@ INSERT INTERFACES HERE Arthur Stolyar, Arun Patole, Aryeh Gregor, + Asanka Herath, Asbjørn Ulsberg, Ashley Gullen, Ashley Sheridan,