At 17:02 -0700 UTC, on 2007-06-14, Walter Rader wrote: [...] > Both Firefox and IE will pass un-handled protocol handlers to the > operating system. (Probably other browsers as well.) Under Mac OS AFAIK any browser will pas any protocol it is not configured to handle internally on to the OS. (Hence Mac OS X's infamous URL scheme security hole <http://www.euronet.nl/~tekelenb/playground/security/URLschemes/>.) > If there's a > vulnerability in the protocol handler, a malicious user could place a > link in a DokuWiki installation which exploits this. Isn't it up to the receiving end to protect against that sort of thing? I think it's up to the OS to offer such protection -- leaving such things up to individual web sites seems like relying on drops in an ocean. OTOH, as a site admin, if you know some browsing environments do not offer proper protection, I suppose you might indeed want to do something extra, so at least it won't be *your* site that is used to abuse an unprotected browsing environment. So yes, this might be a useful option. [...] > Suggestion: > > Add a config option to specify the acceptable protocol handlers in > links. Set the DokuWiki installation default to (say) http, https, and ftp. As to implementation: besides needing a "complete" whitelist of protocols for the default, what about the user experience? Should Dokuwiki flat out not accept content that contains an unregistered protocol? Should it accept but silently drop? Should it accept, but not display? Should it accept but display the links as plain text, instead of a hyperlink? Should it display a warning/error message that explains the problem? If suspect that if Dokuwiki isn't verbose enough about it, such a protection scheme could result in troubleshooting issues for Dokuwiki users and admins. Btw, this protection scheme would also need to recognise escaped characters in the protocol specifier. -- Sander Tekelenburg, <http://www.euronet.nl/~tekelenb/> -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist