[whatwg] registerProtocolHandler - allow site to specify more info and do custom handling
Michael A. Puls II
shadow2531 at gmail.com
Tue Sep 22 08:00:43 PDT 2009
On Tue, 22 Sep 2009 09:54:12 -0400, João Eiras <joaoe at opera.com> wrote:
>
>> 2. The location of an icon like a favicon.ico file or png etc.
>>
>
> This is actually a real privacy issue. The user agent would periodically
> fetch a remove favicon, which discloses the end user's ip.
If you go to a site that uses registerProtocolHandler and you allow it to
register the handler, you already trust that site and have already
disclosed your ip to it. You'll disclose your ip to it again each time you
visit the site.
Now, if the site, which I obviously trust given the above, knows that my
browser is fetching the favicon fresh now and then and can see my ip (and
can even set a cookie when requesting the favicon), I think that's a
non-issue.
However...
> If any, such favicon would need to be made available offline immediately
> when installing the protocol handler
O.K., that would be acceptable. And, the UA could allow the *user* to
explicitly refetch the icon if they ever wanted to. The UA wouldn't even
really have to allow a refetch as the user could just go back to the site
and re-register then handler.
--
Michael
More information about the whatwg
mailing list