CH Scratchpad

Revision as of 21:34, 31 July 2007 by Dmose (talk | contribs) (→‎web handlers todos)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

design issues

need to handle offline case gracefully
- fragment identifiers can be used, but hacky; ping WhatWG

static add vs. dynamic add vs. preview actions
- spec issue: GET not very RESTful for first two cases

security issues
- spec: "should NEVER send https URIs to third-party sites"; need to design fallback behavior or change. todo: ask hixie what this protects
- how do we handle URI leakage as per HTML5 4.10.2.1. todo: does fx2 handle this? sounds hard (impossible?) to fix
- credential leakage spec verbiage sounds unimplementable
- set up security audit
  - protocol handlers
    - figure out what URI schemes are acceptable for both source and target

POST issues
- use cases
- security stuff (see biesi/hixie thread in WhatWG archives)
  - require https to prevent WiFi hotspot MiTM attacks?

web handlers todos

~~refactor pref RDF stuff for protocol support: bug 384374 (waiting for review)~~
tweak pref RDF stuff for multiple apps: bug 384374
~~proto dialog: lightweight XUL dialog (implement and hook up) bug 385065~~
prefs UI for changing bug 377784
security review
register{Protocol}Handler dialogs bug 385106
platform specific app detection (win, mac, unix) bug 385114
favicons for pre-shipped online handlers
online default registry (plugin finder?)

Retrieved from "https://wiki.mozilla.org/index.php?title=CH_Scratchpad&oldid=64130"