

For the record, Dylan won’t actually remote-wipe your device without permission. Indeed, he won’t wipe your device at all. He just shows you if it might be possible for a web page to do so.

The Kiwis probably already thrashed your country at rugby, even after two of their players got sent off. They don’t need to rub it in by wiping the floor with your phone, too.

The details of the disaster are absurdly simple, so allow me to explain at some length.

It all starts with RFC 3966, which defines a special sort of URI for telephone numbers. You use these URIs, which start with tel:, like this:

As the text of RFC 3966 points out, unromantically but importantly:

The "tel" URI is a globally unique identifier ("name") only; it does not describe the steps necessary to reach a particular number and does not imply dialling semantics. Furthermore, it does not refer to a specific physical device, only to a telephone number.

So telephone URIs don’t instruct your browser, or your tablet, or your phone, to dial. They just suggest that it could, if it wanted.

What’s got Dylan Reeve hot under the collar is that in some browsers, on some builds of Android, on some phones, the dialling semantics of telephone URIs are: load the default dialler or “phone” application, insert the number as if you’d typed it, and wait for you to press the magic green button to initiate the call. Waiting for the green button is a security measure. It prevents a website calling out without some sort of user interaction. That would be insecure and could be expensive.

In short, some browsers treat tel: URIs almost as a special, and tolerated, form of cross-site scripting (XSS).
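The green-button policy described above, sketched as an added example (not code from the original article or from any browser): a handler that parses a tel: URI and at most prefills the dialler, never dials. The grammar is a simplified subset of RFC 3966, and `parseTelUri`, `decideTelAction` and their field names are hypothetical.

```javascript
// Added example, not from the original article. Simplified subset of the
// RFC 3966 grammar; the function and field names are hypothetical.
const VISUAL_SEPARATORS = /[-.()]/g;

// Parse a tel: URI into a number plus parameters, or return null.
function parseTelUri(uri) {
  const m = /^tel:([^;]+)((?:;[^;]+)*)$/i.exec(String(uri));
  if (!m) return null;
  let subscriber;
  try {
    subscriber = decodeURIComponent(m[1]); // undo percent-encoding
  } catch {
    return null; // malformed percent-encoding
  }
  const params = {};
  for (const part of m[2].split(';').filter(Boolean)) {
    const [key, value = ''] = part.split('=');
    params[key.toLowerCase()] = value;
  }
  const number = subscriber.replace(VISUAL_SEPARATORS, '');
  // Global numbers: "+" followed by digits.
  if (/^\+\d+$/.test(number)) return { kind: 'global', number, params };
  // Local numbers: digits, hex digits, "*" or "#", plus a mandatory phone-context.
  if (/^[0-9A-Fa-f*#]+$/.test(number) && params['phone-context']) {
    return { kind: 'local', number, params };
  }
  return null;
}

// Decide what the browser hands to the dialler. There is deliberately no
// "dial" action: the most a URI can do is prefill the number for the user.
function decideTelAction(uri, { userGesture = false } = {}) {
  const parsed = parseTelUri(uri);
  if (!parsed) return { action: 'reject', reason: 'invalid tel: URI' };
  if (!userGesture) return { action: 'block', reason: 'no user interaction' };
  return { action: 'prefill', number: parsed.number, awaitCallButton: true };
}

// Constructed sample inputs.
console.log(decideTelAction('tel:+1-201-555-0123', { userGesture: true }));
console.log(decideTelAction('tel:+1-201-555-0123')); // loaded by the page itself
console.log(decideTelAction('tel:7042;phone-context=example.com', { userGesture: true }));
console.log(decideTelAction('tel:not-a-number', { userGesture: true }));
```

The second call models a tel: URI that the page loads on its own, without a tap from the user, and is blocked before it reaches the dialler.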
