CH Scratchpad: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
Line 19: Line 19:
** security stuff (see biesi/hixie thread in WhatWG archives)
** security stuff (see biesi/hixie thread in WhatWG archives)
*** require https to prevent WiFi hotspot MiTM attacks?
*** require https to prevent WiFi hotspot MiTM attacks?
== P1 todos ==
* pref RDF work (proto & mime)
* proto dialog: lightweight XUL dialog
* MIME backend
* tweak existing ucth dialog for mime
* security review
* prefs UI for changing
* register{content,Protocol}Handler dialogs
* POST support
* prod mgmt stuff: defaults, partner contact work

Revision as of 23:30, 5 June 2007

design issues

  • need to handle offline case gracefully
    • fragment identifiers can be used, but hacky; ping WhatWG
  • static add vs. dynamic add vs. preview actions
    • spec issue: GET not very RESTful for first two cases
  • security issues
    • spec: "should NEVER send https URIs to third-party sites"; need to design fallback behavior or change. todo: ask hixie what this protects
    • how do we handle URI leakage as per HTML5 4.10.2.1. todo: does fx2 handle this? sounds hard (impossible?) to fix
    • credential leakage spec verbiage sounds unimplementable
    • set up security audit
      • protocol handlers
        • figure out what URI schemes are acceptable for both source and target
  • POST issues
    • use cases
    • security stuff (see biesi/hixie thread in WhatWG archives)
      • require https to prevent WiFi hotspot MiTM attacks?

P1 todos

  • pref RDF work (proto & mime)
  • proto dialog: lightweight XUL dialog
  • MIME backend
  • tweak existing ucth dialog for mime
  • security review
  • prefs UI for changing
  • register{content,Protocol}Handler dialogs
  • POST support
  • prod mgmt stuff: defaults, partner contact work
Retrieved from "https://wiki.mozilla.org/index.php?title=CH_Scratchpad&oldid=58778"