
Update patch set 1
Audit Required · c9b4abef2e6b · Unpublished

Tokens
"Y So Serious" token, awarded by satoshinakamoto.

Unpublished Commit

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.
This commit no longer exists in the repository. It may have been part of a branch which was deleted. This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.

Description

Update patch set 1

Patch Set 1:

ftps: Same as the ftp we already support but with SSL/TLS.
ssh: https://www.iana.org/assignments/uri-schemes/prov/ssh https://tools.ietf.org/html/draft-ietf-secsh-scp-sftp-ssh-uri-04
sftp: https://www.iana.org/assignments/uri-schemes/prov/sftp https://tools.ietf.org/html/draft-ietf-secsh-scp-sftp-ssh-uri-04
xmpp: https://tools.ietf.org/html/rfc5122
sip, sips: https://tools.ietf.org/html/rfc3969
tel: https://tools.ietf.org/html/rfc5341
sms: https://tools.ietf.org/html/rfc5724
bitcoin: https://en.bitcoin.it/wiki/URI_Scheme
magnet: https://en.wikipedia.org/wiki/Magnet_URI_scheme https://www.iana.org/assignments/uri-schemes/prov/magnet http://magnet-uri.sourceforge.net/
urn: https://tools.ietf.org/html/rfc2141
geo: https://tools.ietf.org/html/rfc5870

You can see the links to specs for all of these from https://en.wikipedia.org/wiki/URI_scheme

Most of these protocols have even been whitelisted in HTML5 for registerProtocolHandler use http://www.whatwg.org/specs/web-apps/current-work/multipage/timers.html#whitelisted-scheme

bitcoin: Opens a supporting Bitcoin client with a bitcoin address and optional amount, etc... to let you send bitcoins yourself. Just like how mailto: opens an email client with pre-filled information.

As for spamming, many of these already have web based alternatives (web based bitcoin sites, direct links to torrent files, etc...). These alts are less useful for good use cases but exactly as prone to spamming as any other protocol so that's fairly irrelevant.

urn: is important for metadata. And URL restrictions are going to apply to some of the locations we'd put that metadata on. E.g.: When we whitelist RDFa's <link rel="prefix:..." href="..."> URL restrictions are going to apply to that href where urn: becomes an extremely expected value.

As for uncommon/useless, that's not much reason for blacklisting them. They'll still potentially be useful to someone and they communicate something openly available on the internet. And of course, it's not like we only whitelist protocols that are more useful than any of the ones listed here. ;) We whitelist flipping gopher:// which I'd argue is 100% more useless than every single one of these protocols.

Patch-set: 1
Reviewer: Daniel Friesen <30@e9e9afe9-4712-486d-8885-f54b72dd1951>
Label: Verified=0
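
An added example, not code from this commit or from MediaWiki: a scheme allowlist check of the kind the comment above argues about, covering the proposed schemes. The function name `check_href`, the split into authority-based and opaque scheme sets, and the `http`/`https` baseline are assumptions; the input is normalised as browsers do (leading control characters and embedded tab/newline dropped) so an obfuscated scheme cannot slip past as a "relative" link.

```python
import re

# Schemes that must be followed by "//authority" (assumed baseline + proposed).
AUTHORITY_SCHEMES = {"http", "https", "ftp", "gopher", "ftps", "ssh", "sftp"}
# Schemes with an opaque, non-hierarchical body (mailto plus the proposed ones).
OPAQUE_SCHEMES = {"mailto", "xmpp", "sip", "sips", "tel", "sms",
                  "bitcoin", "magnet", "urn", "geo"}

# RFC 3986 scheme grammar: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))    # U+0000..U+0020
_TAB_NEWLINE = str.maketrans("", "", "\t\n\r")


def check_href(href: str) -> tuple[bool, str]:
    """Return (allowed, scheme). scheme is "" when no absolute scheme is found."""
    # Browsers strip leading/trailing C0 controls and spaces and delete
    # tab/LF/CR anywhere in the URL before parsing; match that behaviour here
    # so the sanitizer and the browser agree on what the scheme is.
    cleaned = href.strip(_C0_AND_SPACE).translate(_TAB_NEWLINE)
    m = _SCHEME_RE.match(cleaned)
    if not m:
        return (False, "")      # relative link: handled by a different rule
    scheme = m.group(1).lower() # schemes are case-insensitive
    rest = cleaned[m.end():]
    if scheme in AUTHORITY_SCHEMES:
        # "ftps:host" is not a valid hierarchical URL; require "//".
        return (rest.startswith("//"), scheme)
    if scheme in OPAQUE_SCHEMES:
        return (bool(rest), scheme)   # reject an empty body such as "urn:"
    return (False, scheme)      # anything not listed is denied by default


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the page.
    for sample in ["bitcoin:EXAMPLEADDR?amount=0.1", "SFTP://host.example/f",
                   "urn:isbn:0451450523", "java\tscript:void(0)", "/wiki/Main"]:
        print(repr(sample), check_href(sample))
```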

Details

Auditors
satoshinakamoto
Provenance
Daniel Friesen <30@e9e9afe9-4712-486d-8885-f54b72dd1951> Authored on May 20 2013, 10:54 PM
Gerrit Code Review <gerrit@wikimedia.org> Committed on May 20 2013, 10:54 PM
Differential Revision
D1145: A cli tool to roll back maniphest task transactions
ChangeId
None

Event Timeline

Gerrit Code Review <gerrit@wikimedia.org> committed rMWc9b4abef2e6b: Update patch set 1 (authored by Daniel Friesen <30@e9e9afe9-4712-486d-8885-f54b72dd1951>). May 20 2013, 10:54 PM
satoshinakamoto added edges: D1193: No migration from Gerrit to Diffusion/Differential planned, D1194: Include grid release on the API, D1196: ReleaseDetailsCustomField: prefill "Unbreak now" train blocker priority, D1197: Update link to k8s-status to use toolforge.org domain, D1097: keystone: refresh keystone server URL, D1098: Support LAST as statement value, D1099: Archive the PdfExport extension, D1100: sync-wikiversion: don't overwrite AbstractSync, D1101: Support LAST as qualifier and source value, D1102: Add --force to AbstractSync, D1103: Skip cache_git_info for sync-wikiversions, D1104: Specify transparent -extent background for RGBA images, D1105: Fix Unicode string comparison, D1106: Add a cache-busting parameter when fetching from noc.wm.o, D1107: Add ability to whitelist IPs for per-IP throttle, D1108: Add test case for ImageDescription EXIF filtering, D1109: Stop using _type (Elastic 6.0 support), D1110: Add ability to specify PHP version for scap, D1113: Apply -background none to palette PNGs, D1112: Change message to 'Copying from x to y', D1111: Add ability to specify PHP version for scap, again, D1114: Check for fatals in AbstractSync by calling `mwscript eval.php`, D1115: Fix Wikipedia section index, D1117: Only check logstash for canaries in the active datacenter, D1116: Add logging for mwscript eval.php check, D1118: Error: --service-restart without a service_name, D1119: Run new batches as the submitting user, D1120: Remove '/' from include in sync-wikiversions, D1122: Demo of wd image positions as IIIF annotations, D1121: Fix "invalid escape sequence '\' (W605)", D1128: Update vendor dependencies, D1125: build: Update linters, D1130: Fix typo, D1129: Update index.php for slimapp migration, D1147: Improved output, D1146: app: list new `gerritadmin` LDAP group, D1145: A cli tool to roll back maniphest task transactions. Dec 20 2021, 5:33 PM
satoshinakamoto awarded a token.

Empty Commit

This commit is empty and does not affect any paths.