[whatwg] Whitelist for registerProtocolHandler()
Wilhelm Joys Andersen
wilhelmja at opera.com
Thu Jun 9 13:18:07 PDT 2011
* rektide <rektide at voodoowarez.com> wrote:
> 4. Whitelisting seems fundamentally 'anti-web' by enforcing only
> what is out there already.
In theory, you're right. But in practice allowing everything except
blacklisted protocols is simply too scary, and we're not going to
implement anything like that.
For content types, we rely on a dynamic blacklist based on which
content types the browser knows of already. That's slightly more
reassuring, but still scary.
I'm sure we've missed something, somewhere.
--
Wilhelm Joys Andersen
Core, Opera Software
More information about the whatwg
mailing list