[whatwg] Proposal to extend registerProtocolHandler

[James Kozianski]

Hi,

I'd like to propose the following changes to the registerProtocolHandler
spec.

1. Introduce an isRegistered() function.

Currently if a site wants its users to register it as a handler for a given
protocol it has two options:

a) It can call registerProtocolHandler() on page load. (This approach
was suggested in [1])

b) It can have a button that the user clicks (or similar) to enact the
registration.


The former is problematic because the call to registerProtocolHandler will
cause the browser's UI to notify them of the registration (or prompt them to
make a decision), which is redundant if it occurs on every page load.


The latter is problematic because it puts the onus on each site developer to
provide the UI to allow the user to make the change. Also, as the site
doesn't know whether the user has already registered the given protocol
handler, it can't tailor its UI to reflect this. This means the UI either
always shows, or never shows, both of which are undesirable.


Having an isRegistered() function would allow a site to simply make the RPH
call conditionally on load, or to provide a UI for it that reflects the
user's current preference.


2. Introduce an unregisterProtocolHandler() function.

Such a function is desirable because it allows sites to remove outdated
handlers from clients and would enable clients to provide a UI for managing
their registered protocol handlers.


3. Require all URL arguments to have the same origin as the page executing
the call.

This would would make the behaviour of this set of functions more consistent
(isRegistered() should only work for same-domain queries, to prevent
information leaking).


Cheers,
James

[1] - http://www.mail-archive.com/whatwg@lists.whatwg.org/msg14548.html

Re: [whatwg] Disallowing dots in the protocol argument of registerProtocolHandler()

[Aryeh Gregor]

On Tue, Apr 19, 2011 at 9:51 AM, Wilhelm Joys Andersen
wilhel...@opera.com wrote:
 . . .
 After running the lines of script above, typing any of the
 following URLs will lead the user to evilsite.tld:

   mail.google.com:80/mail/
   192.168.1.1:80
 . . .
 To save ourselves (and our users) from possible future headaches,
 we have decided to disallow the use of dots in the protocol argument
 of registerProtocolHandler().

It was pointed out on IRC
http://krijnhoetmer.nl/irc-logs/whatwg/20110415#l-734 that it would
make sense to also ban the string localhost, as the only common
domain name that contains no dots.

Re: [whatwg] PeerConnection feedback

[Ian Hickson]

On Mon, 11 Apr 2011, Justin Uberti wrote:
 On Mon, Apr 11, 2011 at 7:09 PM, Ian Hickson i...@hixie.ch wrote:
  
   This has made UDP packets larger than the MTU pretty useless.
 
  So I guess the question is do we want to limit the input to a fixed 
  value that is the lowest used MTU (576 bytes per IPv4), or dynamically 
  and regularly determine what the lowest possible MTU is?
 
  The former has a major advantage: if an application works in one 
  environment, you know it'll work elsewhere, because the maximum packet 
  size won't change. This is a erious concern on the Web, where authors 
  tend to do limited testing and thus often fail to handle rare edge 
  cases well.
 
  The latter has a major disadvantage: the path MTU might change, 
  meaning we might start dropping data if we don't keep trying to 
  determine the Path MTU. Also, it's really hard to determine the Path 
  MTU in practice.
 
  For now I've gone with the IPv4 minimum maximum of 576 minus 
  overhead, leaving 504 bytes for user data per packet. It seems small, 
  but I don't know how much data people normally send along these 
  low-latency unreliable channels.
 
  However, if people want to instead have the minimum be dynamically 
  determined, I'm open to that too. I think the best way to approach 
  that would be to have UAs implement it as an experimental extension at 
  first, and for us to get implementation experience on how well it 
  works. If anyone is interested in doing that I'm happy to work with 
  them to work out a way to do this that doesn't interfere with UAs that 
  don't yet implement that extension.

 In practice, applications assume that the minimum MTU is 1280 (the 
 minimum IPv6 MTU), and limit payloads to about 1200 bytes so that with 
 framing they will fit into a 1280-byte MTU. Going down to 576 would 
 significantly increase the packetization overhead.

Interesting.

Is there any data out there about what works in practice? I've seen very 
conflicting information, ranging from anything above what IPv4 allows is 
risky to Ethernet kills everything above 1500. Wikipedia seems to think 
that while IPv4's lowest MTU is 576, practical path MTUs are only 
generally higher, which doesn't seem like a good enough guarantee for 
Web-platform APIs.

I'm happy to change this, but I'd like solid data to base the decision on.


On Wed, 13 Apr 2011, Harald Alvestrand wrote:

 The practical MTU of the current Internet is the Ethernet MTU: 1500 
 bytes minus headers. The IPv6 minimum maximum of 1280 bytes was chosen 
 to leave some room for headers, tunnels and so on.

That was my guess, yeah. Certainly once IPv6 is more widely deployed I 
think it would obviously make sense to increase the limit.


 My suggestion would be to note that applications need to be aware that 
 due to firewalls and other types of black holes, you might get 
 consistent packet loss for packets larger than a given size, typically 
 1280 bytes or 1480 bytes, and leave it at that.

Unlike most other platforms, where authors (programmers) tend to be at 
least somewhat experienced and where errors tend to be blamed on the 
application, on the Web, many of the authors are amateurs, and 
intermittent errors tend to be blamed on the browser. As such, we have to 
design our APIs to be as reliable as possible.


On Mon, 11 Apr 2011, Justin Uberti wrote:
  On Tue, 29 Mar 2011, Harald Alvestrand wrote:
 
   multiplexing of multiple data streams on the same channel using 
   SSRC,
 
  I don't follow. What benefit would that have?
 
 If you are in a conference that has 10 participants, you don't want to 
 have to set up a new transport for each participant. Instead, SSRC 
 provides an excellent way to multiplex multiple media streams over a 
 single RTP session (and network transport).

Could you elaborate on this? I have tried finding information on how SSRC 
works but cannot find anything useful. Can you point to the relevant parts 
of the RFCs that describe this mechanism maybe? I'm having trouble 
understanding how it works even for audio/video streams, let alone whether 
it would actually be appropriate for data.


  On Fri, 8 Apr 2011, Glenn Maynard wrote:
  
   FWIW, I thought the block-of-text configuration string was peculiar 
   and unlike anything else in the platform.  I agree that using a 
   configuration object (of some kind) makes more sense.
 
  An object wouldn't work very well as it would add additional steps in 
  the case where someone just wants to transmit the configuration 
  information to the client as data. Using JSON strings as input as 
  Harald suggested could work, but seems overly verbose for such a 
  simple data.
 
 I have a feeling that this configuration information will only start off 
 simple.

The configuration information mechanism is extensible. But generally 
speaking, we should not solve problems we don't yet have.


On Wed, 13 Apr 2011, Harald Alvestrand wrote:

 Since Ian seems to prefer to jumble all threads on a 

Re: [whatwg] PeerConnection feedback

[Harald Alvestrand]

On 04/22/11 00:27, Ian Hickson wrote:

  and procedures for identifying the stream in SDP (if we continue to
  use SDP) - I believe SDP implicitly assumes that all the streams it
  describes are RTP streams.

  
That doesn't seem to be the case, but I could be misinterpreting SDP.
Currently, the HTML spec includes instructions on how to identify the
stream in SDP; if those instructions are meaningless due to a
misunderstanding of SDP then we should fix it (and in that case, it
might indeed make a lot of sense to use RTP to carry this data).


  I'm not familiar with any HTTP-in-SDP spec; can you point out the
  reference?

What is HTTP-in-SDP?


I misquoted - you said Currently, the HTML spec includes instructions 
on how to identify the stream in SDP - I was asking for chapter and 
verse of the instructions, since I have no idea what you are talking about.

Re: [whatwg] Blacklist for regsiterProtocolHandler()

[Michael A. Puls II]

On Tue, 19 Apr 2011 13:33:43 -0400, Ian Hickson i...@hixie.ch wrote:


On Tue, 12 Apr 2011, Lachlan Hunt wrote:


We are investigating registerProtocolHandler and have been discussing
the need for a blacklist of protocols to forbid.

[...]

We'd like to know if we've missed any important schemes that must be
blocked, and we think it might be useful if the spec listed most of
those, except for the vendor specific schemes, which should probably be
left up to each vendor to worry about.


I haven't updated the spec yet, but it strikes me that maybe what we
should do instead is have a whitelist of protocols we definitely want to
allow (e.g. mailto:)


Sounds cool.

Besides mailto, these should be white-listed:

mms
nntp
rtsp

(There are lots more, but just wanted to mention those)

--
Michael