Update patch set 1
Patch Set 1:
ftps: Same as the ftp we already support but with SSL/TLS.
ssh: https://www.iana.org/assignments/uri-schemes/prov/ssh https://tools.ietf.org/html/draft-ietf-secsh-scp-sftp-ssh-uri-04
sftp: https://www.iana.org/assignments/uri-schemes/prov/sftp https://tools.ietf.org/html/draft-ietf-secsh-scp-sftp-ssh-uri-04
sip, sips: https://tools.ietf.org/html/rfc3969
magnet: https://en.wikipedia.org/wiki/Magnet_URI_scheme https://www.iana.org/assignments/uri-schemes/prov/magnet http://magnet-uri.sourceforge.net/
You can see the links to specs for all of these from https://en.wikipedia.org/wiki/URI_scheme
Most of these protocols have even been whitelisted in HTML5 for registerProtocolHandler use http://www.whatwg.org/specs/web-apps/current-work/multipage/timers.html#whitelisted-scheme
bitcoin: Opens a supporting Bitcoin client with a bitcoin address and optional amount, etc... to let you send bitcoins yourself. Just like how mailto: opens an email client with pre-filled information.
As for spamming many of these already have web based alternatives (web based bitcoin sites, direct links to torrent files, etc...). These alts are less useful for good use cases but exactly as prone to spamming as any other protocol so that's fairly irrelevant.
urn: is important for metadata. And URL restrictions are going to apply to some of the locations we'd put that metadata on. eg: When we whitelist RDFa's <link rel="prefix:..." href="..."> URL restrictions are going to apply to that href where urn: becomes an extremely expected value.
As for uncommon/useless, that's not much reason for blacklisting them. They'll still potentially be useful to someone and they communicate something openly available on the internet. And of course, it's not like we only whitelist protocols that are more useful than any of the ones listed here. ;) We whitelist flipping gopher:// which I'd argue is 100% more useless than every single one of these protocols.
Reviewer: Daniel Friesen <30@e9e9afe9-4712-486d-8885-f54b72dd1951>