CH Scratchpad: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 2: | Line 2: | ||
* need to handle offline case gracefully | * need to handle offline case gracefully | ||
** fragment identifiers can be used, but hacky; ping WhatWG | |||
* static add vs. dynamic add vs. preview actions | * static add vs. dynamic add vs. preview actions | ||
| Line 11: | Line 12: | ||
** credential leakage spec verbiage sounds unimplementable | ** credential leakage spec verbiage sounds unimplementable | ||
** set up security audit | ** set up security audit | ||
*** protocol handlers | |||
**** figure out what URI schemes are acceptable for both source and target | |||
* POST issues | * POST issues | ||
** use cases | ** use cases | ||
** security stuff (see biesi/hixie thread in WhatWG archives) | ** security stuff (see biesi/hixie thread in WhatWG archives) | ||
*** require https to prevent WiFi hotspot | *** require https to prevent WiFi hotspot MiTM attacks? | ||
Revision as of 16:41, 11 May 2007
design issues
- need to handle offline case gracefully
- fragment identifiers can be used, but hacky; ping WhatWG
- static add vs. dynamic add vs. preview actions
- spec issue: GET not very RESTful for first two cases
- security issues
- spec: "should NEVER send https URIs to third-party sites"; need to design fallback behavior or change. todo: ask hixie what this protects
- how do we handle URI leakage as per HTML5 4.10.2.1. todo: does fx2 handle this? sounds hard (impossible?) to fix
- credential leakage spec verbiage sounds unimplementable
- set up security audit
- protocol handlers
- figure out what URI schemes are acceptable for both source and target
- protocol handlers
- POST issues
- use cases
- security stuff (see biesi/hixie thread in WhatWG archives)
- require https to prevent WiFi hotspot MiTM attacks?