Warning:
This wiki has been archived and is now read-only.

User:Eoconnor/ISSUE-189

From HTML WG Wiki
Jump to: navigation, search


Disambiguate the web+ prefix definition from IANA registrations

Summary

The web+ prefix convention is an important feature for registerProtocolHandler() and thus should not be dropped from HTML5. That said, the text defining the convention currently looks like an IANA registration, which is confusing to consumers of the spec. This section of the spec should be made visually distinct from IANA registrations.

This is for ISSUE-189 (uri-web-prefix).

Rationale

Currently, user agents have a whitelist of URI schemes for which websites may register by calling registerProtocolHandler(). All other schemes (excepting those whose name begins with "web+") result in a SecurityError being thrown. Consider, for example, the large number of Web sites which help users easily create image macros (example). A web+macro scheme could be registered with IANA for such services. Having the web+ convention for the naming of future, rPH-safe URI schemes (such as web+macro) allows user agents to be uplevel-compatible with such schemes without requiring users to upgrade their browser.

The specification does not attempt to register the web+ naming convention with IANA's URI scheme registry. Quoting from § 12.6 "web+ scheme prefix": "This section describes a convention for use with the IANA URI scheme registry. It does not itself register a specific scheme." However, § 12.6 "web+ scheme prefix" resembles, in content and style, the IANA registrations of § 12.1–12.5. This is confusing to readers of the spec. For instance, the other ISSUE-189 Change Proposal claims "the spec takes the position that registration of scheme name prefixes is possible," whereas the spec takes no such position.

By altering the appearance of § 12.6 so that it doesn't resemble the IANA registrations of § 12.1–12.5, we can prevent further such confusion.

Details

Alter the appearance of § 12.6 so that it doesn't resemble the IANA registrations of § 12.1–12.5. 

Index: source
 ===================================================================
 --- source	(revision 7008)
 +++ source	(working copy)
 @@ -110547,49 +110547,32 @@
    scheme registry. It does not itself register a specific scheme. <a
    href="#refsRFC4395">[RFC4395]</a></p>
  
 -  <dl>
 -   <dt>URI scheme name:</dt>
 -   <dd>
 -    Schemes starting with the four characters "<code
 -    title="">web+</code>" followed by one or more letters in the range
 -    <code title="">a</code>-<code title="">z</code>.
 -   </dd>
 -   <dt>Status:</dt>
 -   <dd>permanent</dd>
 -   <dt>URI scheme syntax:</dt>
 -   <dd>Scheme-specific.</dd>
 -   <dt>URI scheme semantics:</dt>
 -   <dd>Scheme-specific.</dd>
 -   <dt>Encoding considerations:</dt>
 -   <dd>All "<code title="">web+</code>" schemes should use UTF-8 encodings were  relevant.</dd>
 -   <dt>Applications/protocols that use this URI scheme name:</dt>
 -   <dd>Scheme-specific.</dd>
 -   <dt>Interoperability considerations:</dt>
 -   <dd>The scheme is expected to be used in the context of Web applications.</dd>
 +  <p>Schemes using the <code title="">web+</code> prefix must have names
 +  starting with the four characters "<code title="">web+</code>"
 +  followed by one or more letters in the range <code
 +  title="">a</code>-<code title="">z</code>.</p>
 +
 +  <p>Registrations of such schemes should specify the syntax and
 +  semantics of the scheme. Registrations should define what applications
 +  and/or protocols use the scheme.</p>
 +
 +  <p>All "<code title="">web+</code>" schemes should use UTF-8 encodings were  relevant.</p>
 +
  <!--ADD-TOPIC:Security-->
 -   <dt>Security considerations:</dt>
 -   <dd>
 -    Any Web page is able to register a handler for all "<code
 -    title="">web+</code>" schemes. As such, these schemes must not be
 -    used for features intended to be core platform features (e.g.
 -    network transfer protocols like HTTP or FTP). Similarly, such
 -    schemes must not store confidential information in their URLs,
 -    such as usernames, passwords, personal information, or
 -    confidential project names.
 -   </dd>
 +  <p>Any Web page is able to register a handler for all "<code
 +  title="">web+</code>" schemes. As such, these schemes must not be used
 +  for features intended to be core platform features (e.g. network
 +  transfer protocols like HTTP or FTP). Similarly, such schemes must not
 +  store confidential information in their URLs, such as usernames,
 +  passwords, personal information, or confidential project names.</p>
  <!--REMOVE-TOPIC:Security-->
 -   <dt>Contact:</dt>
 -   <dd>Ian Hickson <ian@hixie.ch></dd>
 -   <dt>Author/Change controller:</dt>
 -   <dd>Ian Hickson <ian@hixie.ch></dd>
 -   <dt>References:</dt>
 -   <dd>
 -    <cite>Custom scheme and content handlers</cite>, HTML Living Standard:
 -    <a  href="#custom-handlers">http://www.whatwg.org/specs/web-apps/current-work/#custom-handlers</a>
 -   </dd>
 -  </dl>
  
 +  <p>Registrations should reference the description of <code
 +  title="">web+</code> schemes in <cite>Custom scheme and content
 +  handlers</cite>, HTML Living Standard: <a
 +   href="#custom-handlers">http://www.whatwg.org/specs/web-apps/current-work/#custom-handlers</a></p>
  
 +
    <h2 id="index" class="no-num">Index</h2>
  
    <div class="impl">

Impact

Positive Effects

  • Reduce confusion about whether the spec is attempting to register a scheme prefix;
  • Preserve the web+ feature.

Negative Effects

None.

Conformance Classes Changes

None.

Risks

  • The reformatted § 12.6 may still be confusing to some.

References

Inline.


Retrieved from "https://www.w3.org/html/wg/wiki/index.php?title=User:Eoconnor/ISSUE-189&oldid=13192"