[html5] r8555 - [giow] (3) Be more explicit about handing off to external software during naviga [...]
whatwg at whatwg.org
whatwg at whatwg.org
Wed Mar 19 15:01:42 PDT 2014
Author: ianh
Date: 2014-03-19 15:01:39 -0700 (Wed, 19 Mar 2014)
New Revision: 8555
Modified:
complete.html
index
source
Log:
[giow] (3) Be more explicit about handing off to external software during navigation.
Affected topics: HTML
Modified: complete.html
===================================================================
--- complete.html 2014-03-18 18:36:16 UTC (rev 8554)
+++ complete.html 2014-03-19 22:01:39 UTC (rev 8555)
@@ -298,7 +298,7 @@
<header class=head id=head><p><a href=http://www.whatwg.org/ class=logo><img width=101 src=/images/logo alt=WHATWG height=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 18 March 2014</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 19 March 2014</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -67988,8 +67988,8 @@
<li><p>If the new resource is to be handled using a mechanism that does not affect the browsing
context, e.g. ignoring the navigation request altogether because the specified scheme is not one
- of the supported protocols, then abort these steps and proceed with that mechanism
- instead.</li>
+ of the supported protocols, then abort these steps and <a href=#hand-off-to-external-software title="hand-off to external
+ software">proceed with that mechanism instead</a>.</li>
<li>
@@ -68453,10 +68453,21 @@
<li><p>Otherwise, the document's <var title="">type</var> is such that the resource will not
affect the browsing context, e.g. because the resource is to be handed to an external application
- or because it is an unknown type that will be processed <a href=#as-a-download>as a download</a>. Process the
- resource appropriately.</p>
+ or because it is an unknown type that will be processed <a href=#as-a-download>as a download</a>. <a href=#hand-off-to-external-software title="hand-off to external software">Process the resource appropriately</a>.</p>
- </ol><hr><p>Some of the sections below, to which the above algorithm defers in certain cases, require the
+ </ol><p>When a resource is handled by <dfn id=hand-off-to-external-software title="hand-off to external software">passing its URL or
+ data to an external software package</dfn> separate from the user agent (e.g. handing a <code title="">mailto:</code> URL to a mail client, or a Word document to a word processor), user
+ agents should attempt to mitigate the risk that this is an attempt to exploit the target software,
+ e.g. by prompting the user to confirm that the <a href=#source-browsing-context>source browsing context</a>'s <a href=#active-document>active
+ document</a>'s <a href=#origin>origin</a> is to be allowed to invoke the specified software. In
+ particular, if the <a href=#navigate>navigate</a> algorithm, when it was invoked, was not <a href=#allowed-to-show-a-popup>allowed to
+ show a popup</a>, the user agent should not invoke the external software package without prior
+ user confirmation.</p>
+
+ <p class=example>For example, there could be a vulnerability in the target software's URL
+ handler which a hostile page would attempt to exploit by tricking a user into clicking a link.</p>
+
+ <hr><p>Some of the sections below, to which the above algorithm defers in certain cases, require the
user agent to <dfn id=update-the-session-history-with-the-new-page>update the session history with the new page</dfn>. When a user agent is
required to do this, it must <a href=#queue-a-task>queue a task</a> (associated with the <code><a href=#document>Document</a></code>
object of the <a href=#current-entry>current entry</a>, not the new one) to run the following steps:</p>
@@ -104659,6 +104670,7 @@
Lobotom Dysmon,
Logan<!-- on moz irc -->,
Loune,
+ Łukasz Pilorz,
Luke Kenneth Casson Leighton,
Maciej Stachowiak,
Magnus Kristiansen<!-- Dashiva -->,
Modified: index
===================================================================
--- index 2014-03-18 18:36:16 UTC (rev 8554)
+++ index 2014-03-19 22:01:39 UTC (rev 8555)
@@ -298,7 +298,7 @@
<header class=head id=head><p><a href=http://www.whatwg.org/ class=logo><img width=101 src=/images/logo alt=WHATWG height=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 18 March 2014</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 19 March 2014</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -67988,8 +67988,8 @@
<li><p>If the new resource is to be handled using a mechanism that does not affect the browsing
context, e.g. ignoring the navigation request altogether because the specified scheme is not one
- of the supported protocols, then abort these steps and proceed with that mechanism
- instead.</li>
+ of the supported protocols, then abort these steps and <a href=#hand-off-to-external-software title="hand-off to external
+ software">proceed with that mechanism instead</a>.</li>
<li>
@@ -68453,10 +68453,21 @@
<li><p>Otherwise, the document's <var title="">type</var> is such that the resource will not
affect the browsing context, e.g. because the resource is to be handed to an external application
- or because it is an unknown type that will be processed <a href=#as-a-download>as a download</a>. Process the
- resource appropriately.</p>
+ or because it is an unknown type that will be processed <a href=#as-a-download>as a download</a>. <a href=#hand-off-to-external-software title="hand-off to external software">Process the resource appropriately</a>.</p>
- </ol><hr><p>Some of the sections below, to which the above algorithm defers in certain cases, require the
+ </ol><p>When a resource is handled by <dfn id=hand-off-to-external-software title="hand-off to external software">passing its URL or
+ data to an external software package</dfn> separate from the user agent (e.g. handing a <code title="">mailto:</code> URL to a mail client, or a Word document to a word processor), user
+ agents should attempt to mitigate the risk that this is an attempt to exploit the target software,
+ e.g. by prompting the user to confirm that the <a href=#source-browsing-context>source browsing context</a>'s <a href=#active-document>active
+ document</a>'s <a href=#origin>origin</a> is to be allowed to invoke the specified software. In
+ particular, if the <a href=#navigate>navigate</a> algorithm, when it was invoked, was not <a href=#allowed-to-show-a-popup>allowed to
+ show a popup</a>, the user agent should not invoke the external software package without prior
+ user confirmation.</p>
+
+ <p class=example>For example, there could be a vulnerability in the target software's URL
+ handler which a hostile page would attempt to exploit by tricking a user into clicking a link.</p>
+
+ <hr><p>Some of the sections below, to which the above algorithm defers in certain cases, require the
user agent to <dfn id=update-the-session-history-with-the-new-page>update the session history with the new page</dfn>. When a user agent is
required to do this, it must <a href=#queue-a-task>queue a task</a> (associated with the <code><a href=#document>Document</a></code>
object of the <a href=#current-entry>current entry</a>, not the new one) to run the following steps:</p>
@@ -104659,6 +104670,7 @@
Lobotom Dysmon,
Logan<!-- on moz irc -->,
Loune,
+ Łukasz Pilorz,
Luke Kenneth Casson Leighton,
Maciej Stachowiak,
Magnus Kristiansen<!-- Dashiva -->,
Modified: source
===================================================================
--- source 2014-03-18 18:36:16 UTC (rev 8554)
+++ source 2014-03-19 22:01:39 UTC (rev 8555)
@@ -75804,8 +75804,8 @@
<li><p>If the new resource is to be handled using a mechanism that does not affect the browsing
context, e.g. ignoring the navigation request altogether because the specified scheme is not one
- of the supported protocols, then abort these steps and proceed with that mechanism
- instead.</p></li>
+ of the supported protocols, then abort these steps and <span data-x="hand-off to external
+ software">proceed with that mechanism instead</span>.</p></li>
<li>
@@ -76318,11 +76318,24 @@
<li><p>Otherwise, the document's <var data-x="">type</var> is such that the resource will not
affect the browsing context, e.g. because the resource is to be handed to an external application
- or because it is an unknown type that will be processed <span>as a download</span>. Process the
- resource appropriately.</p>
+ or because it is an unknown type that will be processed <span>as a download</span>. <span
+ data-x="hand-off to external software">Process the resource appropriately</span>.</p>
</ol>
+ <p>When a resource is handled by <dfn data-x="hand-off to external software">passing its URL or
+ data to an external software package</dfn> separate from the user agent (e.g. handing a <code
+ data-x="">mailto:</code> URL to a mail client, or a Word document to a word processor), user
+ agents should attempt to mitigate the risk that this is an attempt to exploit the target software,
+ e.g. by prompting the user to confirm that the <span>source browsing context</span>'s <span>active
+ document</span>'s <span>origin</span> is to be allowed to invoke the specified software. In
+ particular, if the <span>navigate</span> algorithm, when it was invoked, was not <span>allowed to
+ show a popup</span>, the user agent should not invoke the external software package without prior
+ user confirmation.</p>
+
+ <p class="example">For example, there could be a vulnerability in the target software's URL
+ handler which a hostile page would attempt to exploit by tricking a user into clicking a link.</p>
+
<hr>
<p>Some of the sections below, to which the above algorithm defers in certain cases, require the
@@ -116892,6 +116905,7 @@
Lobotom Dysmon,
Logan<!-- on moz irc -->,
Loune,
+ Łukasz Pilorz,
Luke Kenneth Casson Leighton,
Maciej Stachowiak,
Magnus Kristiansen<!-- Dashiva -->,
More information about the Commit-Watchers
mailing list