User:Dmose:Protocol Handler Security Review: Difference between revisions

← Older edit

User:Dmose:Protocol Handler Security Review (view source)

Revision as of 00:10, 7 November 2007

478 bytes added , 7 November 2007

→‎Security and Privacy

Dmose

Confirmed users

2,615

edits

@@ Line 63: / Line 63: @@
 **** need to handle Intranet URI leakage as per HTML5 4.10.2.1; filed {{bug|402138}}
 **** Leaking credentials; filed {{bug|402152}}.
+**** Need to be sure only appropriate handlers can be overridden; filed {{bug|402788}}.
 **** Done; things we need to address now accounted for in this document with bugs filed.
 *** register{Content,Protocol}Handler should be restricted to http and https handlers ({{bug|401343}})
@@ Line 72: / Line 73: @@
 **** a problem, but not of the magnitude of add-on downloads, because this code doesn't execute locally with privs.  Decided to continue to allow handler sites to determine whether or not to require SSL.
 ** Misc
-*** figure out what URI schemes are acceptable for both source and target
 *** notification bar for handler registration insufficiently clear; filed {{bug|402245}}
 *** details and editing of handler info not available from prefs UI; filed {{bug|402252}}
@@ Line 79: / Line 79: @@
 *** verify that we don't leak various information; filed {{bug|402641}}
 *** need to decide on best behavior re opening in new tab/window; filed {{bug|402736}}
+*** there are some more bugs that need to be filed; dmose is working on paring down this; these are unlikely to be blockers:
+**** allow user to say "no and never again"
+**** credential leakage; url -> handler (yes for fx3), web page -> handler (no for fx 3) verify
+**** filter URI specs based on spec-specific criteria: X- headers out of mailto
+**** enforce URI syntax restrictions
+**** test registration spamming
+**** RDF serializer should be audited for quoting
 == Exported APIs ==