24091 2013-12-13 14:55:34 +0000 Support registerProtocolHandler() and registerContentHandler() 2015-09-28 12:01:42 +0000 1 1 1 Unclassified WHATWG Fetch unspecified PC All RESOLVED MOVED blocked on implementers weighing in P2 normal Unsorted 1 annevk annevk ian mike w3c sideshowbarker+fetchspec oldest_to_newest 97593 0 annevk 2013-12-13 14:55:34 +0000 See http://lists.w3.org/Archives/Public/public-webapps/2013OctDec/0622.html 97594 1 annevk 2013-12-13 14:56:19 +0000 A problem would be that <img src=data:...> is no longer safe as it could execute a network request if the MIME type was text/vcard or some such. 97599 2 ian 2013-12-13 16:58:01 +0000 Why would that not be safe? What's the attack vector? 98139 3 annevk 2014-01-08 17:45:28 +0000 An intranet could have broken (but harmless) code of the form <img src=mailto:test> This would suddenly start issuing network requests and reveal potentially confidential information to the user's email provider. I have a hard time thinking of something better, but it seems unexpected and potentially bad to have network requests for things that were just network errors before. 100066 4 ian 2014-02-07 22:42:27 +0000 If a page has <img src=mailto:test>, it's pretty bogus... 100277 5 annevk 2014-02-11 13:50:16 +0000 Chrome does not appear to implement registerContentHandler() and Gecko does not appear to implement these for fetching (just navigation). I could define these but interest seems limited. 109014 6 w3c 2014-07-16 17:04:17 +0000 IMHO, we shouldn't worry about <img src=mailto:test>. That's unlikely to be a problem in practice. I'm less sure about content handlers and data URLs... 109925 7 annevk 2014-08-05 10:59:36 +0000 Adam, but should we make it work at all? I think I'd rather have these only take effect during navigation. That seems much more intuitive. 123337 8 annevk 2015-09-28 12:01:42 +0000 https://github.com/whatwg/html/issues/198