User:Dmose:Protocol Handler Security Review
Security and Privacy
- What security issues do you address in your project?
- Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
- mime-types.rdf corruption / missing
- application prefs.js missing
- user prefs.js missing
- ISP DNS expiration
- non-SSL handlers
- Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.
- Assumptions
- Capabilities
- Potential Risks
- Phishy? (Encourages in-browser auth?)
- The HTML5 spec has a list of possible security issues (http://www.whatwg.org/specs/web-apps/current-work/#security3) that should be gone through
- Uses of web-handled URIs in contexts other than the href attribute of an anchor (a) element
- object
- embed
- iframe (no status bar; even phishier than usual?)
- script
- img
- others?
- old warning dialog has been removed
- Logic:
- if it's that risky we shouldn't be doing it
- unclear how much a warning dialog helps anyway
- Misc
- spec: "should NEVER send https URIs to third-party sites"; need to design fallback behavior or change. todo: ask hixie what this protects
- how do we handle URI leakage as per HTML5 4.10.2.1. todo: does fx2 handle this? sounds hard (impossible?) to fix
- credential leakage spec verbiage sounds unimplementable
- figure out what URI schemes are acceptable for both source and target
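The Misc items above (acceptable source/target schemes, non-SSL handlers, credential and URI leakage) as an added JavaScript example; this is not code from the page or from Firefox. The scheme allowlist and the function names are assumptions, and the %s placeholder convention is the one registerProtocolHandler templates use.

```javascript
// Assumed allowlist of schemes a site may register a web handler for.
// Browser-native schemes (http, https, javascript, data, file) are absent on
// purpose, so a web handler can never capture ordinary navigations.
const HANDLEABLE_SCHEMES = new Set(['mailto:', 'irc:', 'webcal:', 'magnet:']);

// Decide whether targetUri may be handed to the web handler described by
// handlerTemplate. `blocks` are hard failures; `warnings` are risks to surface.
function handoffDecision(targetUri, handlerTemplate) {
  const blocks = [], warnings = [];
  if (!handlerTemplate.includes('%s')) {
    blocks.push('template has no %s placeholder');
    return { allowed: false, blocks, warnings };
  }
  let target, handler;
  try {
    target = new URL(targetUri);
    handler = new URL(handlerTemplate.replace('%s', ''));
  } catch (e) {
    blocks.push('unparseable URI or template');
    return { allowed: false, blocks, warnings };
  }
  // Acceptable schemes for source and target (the open item on the page).
  if (!HANDLEABLE_SCHEMES.has(target.protocol)) {
    blocks.push(`scheme ${target.protocol} may not be delegated to a web handler`);
  }
  if (handler.protocol !== 'https:' && handler.protocol !== 'http:') {
    blocks.push(`handler scheme ${handler.protocol} is not a web scheme`);
  }
  // Credential leakage: userinfo in the URI would be sent to the handler site.
  if (target.username || target.password) {
    blocks.push('URI carries credentials that would leak to the handler');
  }
  // Non-SSL handler: the full URI travels to the handler in cleartext.
  if (handler.protocol === 'http:') {
    warnings.push('non-SSL handler: the URI will be sent in cleartext');
  }
  return { allowed: blocks.length === 0, blocks, warnings };
}

// The URL the browser would navigate to. The whole URI is percent-encoded into
// the template, which is the "URI leakage" point: the handler site sees all of
// it, query string included, so the gate above has to run first.
function buildHandlerUrl(targetUri, handlerTemplate) {
  return handlerTemplate.replace('%s', encodeURIComponent(targetUri));
}
```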