Confirmed users
2,615
edits
User:Dmose:Protocol Handler Security Review: Difference between revisions
Jump to navigation
Jump to search
User:Dmose:Protocol Handler Security Review (view source)
Revision as of 19:44, 30 October 2007
, 30 October 2007→Security and Privacy
| Line 69: | Line 69: | ||
*** handler ISP DNS expiration and pounce | *** handler ISP DNS expiration and pounce | ||
*** non-SSL handlers in combination with DNS MiTM attacks (eg bogus Wifi APs) | *** non-SSL handlers in combination with DNS MiTM attacks (eg bogus Wifi APs) | ||
** Misc | ** Misc | ||
*** spec: "should NEVER send https URIs to third-party sites"; need to design fallback behavior or change. todo: ask hixie what this protects | *** spec: "should NEVER send https URIs to third-party sites"; need to design fallback behavior or change. todo: ask hixie what this protects | ||
| Line 75: | Line 74: | ||
*** credential leakage spec verbiage sounds unimplementable | *** credential leakage spec verbiage sounds unimplementable | ||
*** figure out what URI schemes are acceptable for both source and target | *** figure out what URI schemes are acceptable for both source and target | ||
*** opener browsing context not reachable; what about parent? | |||
== Exported APIs == | == Exported APIs == | ||