Open Bug 1629149 Opened 5 years ago Updated 2 years ago

Add gopher to registerProtocolHandler safelisted schemes

Categories

(Core :: DOM: Core & HTML, enhancement)

enhancement

Tracking

()

UNCONFIRMED

People

(Reporter: sebdeckers83, Unassigned)

References

(Blocks 1 open bug, )

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15

Steps to reproduce:

I want to register a website URL as handler for the "gopher" protocol. The "gopher" scheme is not currently whitelisted in the HTML spec.

Example:

navigator.registerProtocolHandler('gopher', 'https://gopher.commons.host/%s', 'Gopher Browser')

Actual results:

SecurityError: Navigator.registerProtocolHandler: Permission denied to add a protocol handler for gopher

Expected results:

Permission request: Add "gopher.commons.host" as an application for gopher links?
Button: [ Add Application ]

Resetting severity to default of --.

First, thank you for the love for Gopher, I was using it before HTTP was common!

I can't speak for the team handling protocol handlers, but please check with the folks working on https://addons.mozilla.org/en-US/firefox/addon/overbitewx/ and https://addons.mozilla.org/en-US/firefox/addon/ipfs-companion/.

This seems somewhat reasonable. And yeah, if we do this we should support it for both extensions and web pages.

(In reply to Emma Humphries, Bugmaster ☕️🎸🧞‍♀️✨ (she/her) [:emceeaich] (UTC-8) needinfo? me from comment #2)

First, thank you for the love for Gopher, I was using it before HTTP was common!

I can't speak for the team handling protocol handlers, but please check with the folks working on https://addons.mozilla.org/en-US/firefox/addon/overbitewx/ and https://addons.mozilla.org/en-US/firefox/addon/ipfs-companion/.

Hi, the first one is me.

gopher:// was whitelisted for WebExtensions awhile ago to be consistent with registerProtocolHandler. I'm surprised this regressed. Without the WebExtensions support OverbiteWX and OverbiteNX wouldn't even work. See bug 1385357.

Sorry for the delay in responding, Cameron.

Marking this as a regression.

The question about a protocol handler for gemini has come up as well.

Type: enhancement → defect
QA Whiteboard: [qa-regression-triage]

I'm willing to do the patch, I just need to know if it would be accepted (seems it would per comment 3), and if gemini should be done at the same time. It's just a matter of adding it/them to kSafeSchemes[].

To be clear, this hasn't regressed; we aligned with the standard and started using a safelist in bug 1476035. https://github.com/whatwg/html/issues/5343 discusses adding this back to the standard, but there isn't much active interest there from other implementers.

QA Whiteboard: [qa-regression-triage]
Type: defect → enhancement

(In reply to Anne (:annevk) from comment #3)

This seems somewhat reasonable. And yeah, if we do this we should support it for both extensions and web pages.

I agree fully... gopher, as well as gemini protocols should be supported in Firefox. To exclude those who use these protocols is not the Mozilla way. Correct? Gemini is growing and should be supported. It is secure, using modern methods to maintain private exchange of data.

Here is but one example of my case.... the "alt-web" is flourishing. https://github.com/Lex-2008/ggstproxy

Peace

Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.