CH Scratchpad
From MozillaWiki
design issues
- need to handle offline case gracefully
- fragment identifiers can be used, but hacky; ping WhatWG
- static add vs. dynamic add vs. preview actions
- spec issue: GET not very RESTful for first two cases
- security issues
- spec: "should NEVER send https URIs to third-party sites"; need to design fallback behavior or change. todo: ask hixie what this protects
- how do we handle URI leakage as per HTML5 4.10.2.1. todo: does fx2 handle this? sounds hard (impossible?) to fix
- credential leakage spec verbiage sounds unimplementable
- set up security audit
- protocol handlers
- figure out what URI schemes are acceptable for both source and target
- protocol handlers
- POST issues
- use cases
- security stuff (see biesi/hixie thread in WhatWG archives)
- require https to prevent WiFi hotspot MiTM attacks?
web handlers todos
- code
-
refactor pref RDF stuff for protocol support: bug 384374 (waiting for review) - tweak pref RDF stuff for multiple apps: bug 384374
-
proto dialog: lightweight XUL dialog (implement and hook up) bug 385065 - prefs UI for changing bug 377784
- register{Protocol}Handler dialog & impl bug 385106
- platform specific app detection (win, mac, unix) bug 385114
-
- favicons for pre-shipped online handlers
- online default registry (plugin finder?)
- security review