[whatwg] Registering protocol handlers
Christian Biesinger
cbiesinger at web.de
Thu Apr 13 14:48:46 PDT 2006
Hi,
so, the latest WhatWG spec has a way to register protocol handlers:
http://whatwg.org/specs/web-apps/current-work/#browser
Its specification seems to have some issues:
- The mimeType argument description says "If mimeType values passed to
this method include characters such as commas or whitespace"
It seems to me that using "such as" in a normative part of the
specification is a rather bad idea. This also doesn't define what to do
with syntactically malformed types (throw an exception or do nothing?).
(Are schemes ever syntactically invalid as far as this method is
concerned, and should an exception be thrown if they are?)
- The spec doesn't say what should happen if multiple pages try to
register a handler, but maybe that's intentional (should it say that
this is outside the scope of the spec?)
- The character set that should be used before escaping the URI is not
defined. I assume it's UTF-8 (for all parts of the URI, including the
query)?
- Which characters should be escaped? The example that's later given
seems to imply "everything that's not an ASCII alphanumeric character".
Is that the right interpretation?
- What should happen with a syntactically malformed URI? Exception or
silently do nothing?
- The section "4.10.2.1. Security and privacy concerns [...]" has an
informative-sounding heading but does in fact seem to have normative
statements like "User agents must never send username or password
information in the URIs that are escaped and included sent to the
handler sites."
- It also doesn't define what exactly the registered handlers should be
applied to (just link clicks/loads initiated from URL bar and similar),
or also embedded content, but this seems to be intentional?
But maybe all that doesn't matter so much, given:
"User agents may do whatever they like when the methods are called."
"This section does not define how the pages registered by these methods
are used."
???
Is this feature a serious part of the spec? Why bother specifying the
above when UAs can ignore it or parts of it anyway? With this amount of
undefined behaviour, there doesn't seem to be any hope for interoperability.
-biesi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4762 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20060413/8a3ff2b2/attachment-0001.bin>
More information about the whatwg
mailing list