Confirmed users
2,615
edits
User:Dmose:Protocol Handler Security Review: Difference between revisions
Jump to navigation
Jump to search
User:Dmose:Protocol Handler Security Review (view source)
Revision as of 21:40, 30 October 2007
, 30 October 2007→Security and Privacy
(→Other) |
|||
| Line 55: | Line 55: | ||
** Potential Risks | ** Potential Risks | ||
*** Phishy? (Encourages in-browser auth?) | *** Phishy? (Encourages in-browser auth?) | ||
**** trains user | |||
**** not notably worse than current situation | |||
**** need to try not to break future identity/auth mitigations | |||
**** same window/tab or different window/tab? | |||
*** The HTML5 spec has a [http://www.whatwg.org/specs/web-apps/current-work/#security3 list of possible security issues] that should be gone through | *** The HTML5 spec has a [http://www.whatwg.org/specs/web-apps/current-work/#security3 list of possible security issues] that should be gone through | ||
*** register{Content,Protocol}Handler need to use checkLoadURI ({{bug|401343}}) | *** register{Content,Protocol}Handler need to use checkLoadURI ({{bug|401343}}) | ||