CH Scratchpad

From MozillaWiki

Revision as of 16:41, 11 May 2007 by Dmose (talk | contribs) (→‎design issues)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

design issues

need to handle offline case gracefully
- fragment identifiers can be used, but hacky; ping WhatWG

static add vs. dynamic add vs. preview actions
- spec issue: GET not very RESTful for first two cases

security issues
- spec: "should NEVER send https URIs to third-party sites"; need to design fallback behavior or change. todo: ask hixie what this protects
- how do we handle URI leakage as per HTML5 4.10.2.1. todo: does fx2 handle this? sounds hard (impossible?) to fix
- credential leakage spec verbiage sounds unimplementable
- set up security audit
  - protocol handlers
    - figure out what URI schemes are acceptable for both source and target

POST issues
- use cases
- security stuff (see biesi/hixie thread in WhatWG archives)
  - require https to prevent WiFi hotspot MiTM attacks?

Retrieved from "https://wiki.mozilla.org/index.php?title=CH_Scratchpad&oldid=56550"