Summary: Gecko will report an error when loading an unknown external
protocol (by firing an NS_ERROR_UNKNOWN_PROTOCOL event). This could be a
privacy threat because the behavior allows websites to enumerate external
protocols of users’ platforms, which is a fingerprinting issue. To address
this problem, we propose to suppress the error when loading an unknown
external protocol.
Bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=680300
Link to standard: No formal specification for this. In the HTML standard
[1], there is one small paragraph describing how to handle external
protocols. However, it doesn’t define what we should do for unknown
external protocols.
Platform coverage: All platforms
Estimated or target release: Firefox 63
Preference behind which this will be implemented: None
Is this feature enabled by default in sandboxed iframes? Yes
If allowed, does it preserve the current invariants in terms of what
sandboxed iframes can do? I believe so.
DevTools bug: None
Do other browser engines implement this?
I tested and verified on Chrome, Edge, and Safari. None of them would
report errors when loading unknown external protocols.
Tests: We will add a Mochitest test for this.
[1]
https://html.spec.whatwg.org/multipage/browsing-the-web.html#hand-off-to-external-software
--
Tim Huang
Mozilla