Add FTP-related protocols to the registerProtocolHandler safelist

asankah · web-flow · commit 5b01d3156ff2 · 2022-02-14T10:26:30.000-05:00
Closes #6583. This also adds normative steps to strip out the username and password components of the URL before passing it to the handler.
diff --git a/source b/source
@@ -98451,6 +98451,12 @@ interface <dfn interface>Navigator</dfn> {
      <li><p>Assert: <var>inputURL</var>'s <span data-x="concept-url-scheme">scheme</span> is
      <var>normalizedScheme</var>.</p></li>
 
+     <li><p><span data-x="set the username">Set the username</span> given <var>inputURL</var> and
+     the empty string.</p></li>
+
+     <li><p><span data-x="set the password">Set the password</span> given <var>inputURL</var> and
+     the empty string.</p></li>
+
      <li><p>Let <var>inputURLString</var> be the <span
      data-x="concept-url-serializer">serialization</span> of <var>inputURL</var>.</p></li>
 
@@ -98532,6 +98538,8 @@ interface <dfn interface>Navigator</dfn> {
 
     <ul class="brief">
      <li><code data-x="">bitcoin</code></li> <!-- https://en.bitcoin.it/wiki/BIP_0021 -->
+     <li><code data-x="">ftp</code></li>
+     <li><code data-x="">ftps</code></li>
      <li><code data-x="">geo</code></li>
      <li><code data-x="">im</code></li>
      <li><code data-x="">irc</code></li>
@@ -98543,6 +98551,7 @@ interface <dfn interface>Navigator</dfn> {
      <li><code data-x="">news</code></li>
      <li><code data-x="">nntp</code></li>
      <li><code data-x="">openpgp4fpr</code></li>
+     <li><code data-x="">sftp</code></li>
      <li><code data-x="">sip</code></li>
      <li><code data-x="">sms</code></li>
      <li><code data-x="">smsto</code></li>
@@ -98632,14 +98641,6 @@ interface <dfn interface>Navigator</dfn> {
   allowing administrators to disable custom handlers on certain subdomains, content types, or
   schemes.</p>
 
-  <p><strong>Leaking credentials.</strong> User agents must never send username or password
-  information in the URLs that are escaped and included sent to the handler sites. User agents may
-  even avoid attempting to pass to web-based handlers the URLs of resources that are known to
-  require authentication to access, as such sites would be unable to access the resources in
-  question without prompting the user for credentials themselves (a practice that would require the
-  user to know whether to trust the third-party handler, a decision many users are unable to make or
-  even understand).</p>
-
   <p><strong>Interface interference.</strong> User agents should be prepared to handle intentionally
   long arguments to the methods. For example, if the user interface exposed consists of an "accept"
   button and a "deny" button, with the "accept" binding containing the name of the handler, it's
@@ -127667,6 +127668,7 @@ INSERT INTERFACES HERE
   Arthur Stolyar,
   Arun Patole,
   Aryeh Gregor,
+  Asanka Herath,
   Asbj&oslash;rn Ulsberg,
   Ashley Gullen,
   Ashley Sheridan,
