21
edits
Changes
no edit summary
==Browsers==
===Common=== ====Cookies====
Browsers restrict the domains for which cookies can be set, to avoid "supercookies" being set for e.g. "co.uk", which would allow sites to track users across multiple domains owned by different entities.
====Local Storage Objects==== For reasons identical to cookies, browsers restrict the domains for which Local Storage Objects (LSOs) can be set to domains. ====document.domain====
The document.domain attribute is used to enable pages on different hosts of a domain to access each others' DOMs. Browsers restrict the values to which the document.domain property can be set, to maintain the same origin policy. [http://www.w3.org/TR/html5/browsers.html#dom-document-domain See the HTML5 spec for the algorithm].
====URL Bar==== Both Firefox and Chrome highlight the registered domain within the UI when displaying a page address. ====General UI==== Both Firefox and Chrome make use of the PSL to order entries within their interfaces for managing cookies and local data.
===Certificates=URL Bar====Chrome uses a combined search and URL bar. "name-shaped" queries - such as foo.com - query the PSL to determine whether the entered text is likely a search or a domain name. A term of "com" will be treated as a search for the phrase "com", because the term does not resolve to a registered domain (as it is just a public suffix). A term for "foo.com" is treated as a navigation, because it does contain a registered domain ("foo.com")
===Other UI=Certificates====
Chrome will reject wildcard certificates (*.foo.bar) if foo.bar is a Public Suffix. For this purpose, PRIVATE domains are ignored, permitting certificates for domains like "*.appspot.com" ====Safe Browsing==== Chrome uses the PSL to restrict Safe Browsing exceptions to registered domains. That is, if a domain is believed to have hosted malware/phishing, and a user chooses to proceed, that exception is remembered at the level of a registered domain. For this purpose, PRIVATE domains are ignored, although this may change in the future. ====Multi-process Security==== Chrome implements of a multi-process security model involving a singular "browser" process and multiple "renderer" process. It uses the PSL to determine when to create a new renderer process, on the basis that a compromise of a single renderer should not compromise data (eg: cookies, LSOs) from other origins. It does not make a distinction between private domains and ICANN-delegated domains. ====SDCH==== Chrome implements Shared Dictionary Compression over HTTP (SDCH) [http://en.wikipedia.org/wiki/Shared_Dictionary_Compression_Over_HTTP]. It uses the PSL to determine whether or not a given dictionary may be shared between services. It does not make a distinction between private domains and ICANN-delegated domains. ===Firefox=======Downloads==== Firefox uses the registered domain to sort entries in the Download Manager and Cookie Manager.
===To Be Investigated===
==Other==
===Services===
* [http://www.whoismind.com/ WhoisMind] uses the PSL to get the registered domain name out of inputted URLs.
===Programming Languages and Libraries===
* [http://godoc.org/code.google.com/p/go.net/publicsuffix The Go Language] uses the public suffix to determine whether or not Internet users can register domain names under the given domain.
* [http://docs.guava-libraries.googlecode.com/git/javadoc/com/google/common/net/InternetDomainName.html Guava] provides an interface for Java applications to query the Public Suffix List
