CH Scratchpad

From MozillaWiki

Revision as of 01:00, 14 June 2007 by Dmose (talk | contribs) (→‎web handlers todos)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

design issues

need to handle offline case gracefully
- fragment identifiers can be used, but hacky; ping WhatWG

static add vs. dynamic add vs. preview actions
- spec issue: GET not very RESTful for first two cases

security issues
- spec: "should NEVER send https URIs to third-party sites"; need to design fallback behavior or change. todo: ask hixie what this protects
- how do we handle URI leakage as per HTML5 4.10.2.1. todo: does fx2 handle this? sounds hard (impossible?) to fix
- credential leakage spec verbiage sounds unimplementable
- set up security audit
  - protocol handlers
    - figure out what URI schemes are acceptable for both source and target

POST issues
- use cases
- security stuff (see biesi/hixie thread in WhatWG archives)
  - require https to prevent WiFi hotspot MiTM attacks?

web handlers todos

proto pref RDF work: bug 384374
proto dialog: lightweight XUL dialog (implement and hook up)
pref RDF work: MIME
MIME backend
tweak existing ucth dialog for mime
security review
prefs UI for changing
register{content,Protocol}Handler dialogs
platform specific protohandler app detection (win, mac, unix)

Retrieved from "https://wiki.mozilla.org/index.php?title=CH_Scratchpad&oldid=59495"