Hi,
Bitcoin payments have a standard bitcoin: URI scheme described in https://github.com/bitcoin/bips/blob/master/bip-0021.mediawiki

When registering a handler for this protocol via JavaScript navigator.registerProtocolHandler() the user can initiate Bitcoin payments from their web wallets (LocalBitcoins, Coinbase, BlockChain.info to name a few). Bitcoin payment is done simply by clicking the Bitcoin payment URL, which opens a payment page in the wallet, making the payment process very straightforward. For now, Chromium users need to copy-paste two separate tokens (bitcoin address, amount) from one page to another to make a payment from the web wallet. Firefox supports registering a handler for bitcoin: URIs.

Currently Chromium / Chrome does not allow registering bitcoin: handlers via JavaScript by web wallets. It is available only via browser extensions. What would it take to make this possible without using extensions? The hardcoded whitelist is defined here:
https://code.google.com/p/chromium/codesearch#chromium/src/chrome/installer/util/shell_util.cc&q=nntp&sq=package:chromium&l=1416&type=cs

Security implications

- bitcoin: URI scheme has an open specification https://github.com/bitcoin/bips/blob/master/bip-0021.mediawiki
- There are several compatible wallet implementations, both web and desktop, having support for bitcoin: Implementation diversity lowers the risk for using bitcoin: URIs as an attack vector against native applications.
- All Bitcoin wallets require user interaction after bitcoin: URI opening, so automated attacks against URIs are not likely
- Currently there exist many malicious Chrome browser extensions which steal the bitcoins of the user. Whitelisting the protocol handler would eliminate the need for using browser extensions, thus making the web generally a safer place for Bitcoin users.
http://www.coindesk.com/chrome-extension-could-vulnerable-malware/

Implementation implications

- Is there any decided process / stance how new protocol handlers should be whitelisted?
- What tests are needed to get bitcoin: URIs whitelisted?
If the Chromium team does not see any problems going forward with this, I can
More info - https://developer.mozilla.org/en-US/docs/Web/API/navigator.registerProtocolHandler

Cheers,
Mikko Ohtamaa
http://opensourcehacker.com
http://twitter.com/moo9000
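
An added example, not part of the original post and not any wallet's own code: how a web wallet page registered for bitcoin: could validate the URI it receives before showing the payment page for the user to confirm. It applies BIP 21's rule that an unknown req- parameter invalidates the URI. Assumptions: wallet.example, the uri query parameter and the sample address are constructed, and the address shape check, amount format and duplicate rejection are stricter choices made here.

```javascript
// Added example. Registration on the wallet site would look like:
//   navigator.registerProtocolHandler("bitcoin",
//     "https://wallet.example/pay?uri=%s", "Example Wallet");
// The browser substitutes the percent-encoded clicked URI for %s.
// wallet.example and the "uri" parameter name are hypothetical.
const KNOWN_PARAMS = new Set(["amount", "label", "message"]);

// Constructed sample: what the handler page would be opened with.
const SAMPLE_HANDLER_URL = "https://wallet.example/pay?uri=" +
  encodeURIComponent("bitcoin:1ExampleAddressConstructedForDemo1?amount=0.5&label=Donation");

function parseBitcoinUri(raw) {
  const m = /^bitcoin:([^?]*)(?:\?(.*))?$/i.exec(raw);
  if (!m) throw new Error("not a bitcoin: URI");
  const address = m[1];
  // Shape check only (assumption); a wallet must also verify the address checksum.
  if (!/^[A-Za-z0-9]{26,90}$/.test(address)) throw new Error("bad address");
  const out = { address, amount: null, label: null, message: null };
  for (const [key, value] of new URLSearchParams(m[2] || "")) {
    // BIP 21: a req- parameter the wallet does not understand invalidates the URI.
    if (key.startsWith("req-")) throw new Error("unsupported required parameter: " + key);
    if (!KNOWN_PARAMS.has(key)) continue; // other unknown parameters are ignored
    // Rejecting duplicates is a conservative choice made here.
    if (out[key] !== null) throw new Error("duplicate parameter: " + key);
    // Amount is decimal BTC; kept as a string so no float rounding occurs.
    if (key === "amount" && !/^\d+(\.\d{1,8})?$/.test(value)) throw new Error("bad amount");
    out[key] = value;
  }
  return out;
}

function fromHandlerUrl(handlerUrl) {
  const uri = new URL(handlerUrl).searchParams.get("uri");
  if (uri === null) throw new Error("missing uri parameter");
  return parseBitcoinUri(uri);
}

// The result is only displayed for the user to confirm; nothing is sent here.
console.log(fromHandlerUrl(SAMPLE_HANDLER_URL));
```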