As the author of one of these extensions for adding a custom search engine (https://addons.mozilla.org/en-US/firefox/addon/add-custom-search-engine/) I am of course disappointed, but not actually surprised. This is basically round two from about a year ago. I would like to point out that it would be very simple to only expose this API to extensions. I am going to fallback to <link rel="search"> for now, which is sadly a lot less obvious to users.
One reason the previous try of deprecating this API was reverted was the usage of AddSearchProvider by mycroftproject.com/. I see you didn't address this issue in your intent to unship. I agree that we should probably remove this API for normal web-pages considering the potential for abuse and just the general annoyance of prompts. But again my plea: please consider adding proper custom search engine support to Firefox itself. Even Fenix has support for adding custom search engines! Not even talking about probably every other Chrome based browser on Desktop. This is seriously a missing piece of customization in Firefox. Best, Tom On Thu, Apr 23, 2020 at 12:43 PM Mark Banner <mban...@mozilla.com> wrote: > > As of Firefox 78, I intend to change `window.external.AddSearchProvider` > in Firefox to be a dummy function. This will be a preference switch > initially, with the original implementation code being removed fully in > Firefox 79. > > /Status/: > > * > > The HTML Standard specifies this method > <https://html.spec.whatwg.org/multipage/obsolete.html#external>as > "must do nothing". > > * > > Internet Explorer: This feature was supported in IE7-9 but > deprecated in IE10+ and not present in Edge. > > * > > Chrome: Changed to no-op in 54. > > * > > Safari: No support. > > Product: Mike Connor. > > Bug to unship: Preference disable > <https://bugzilla.mozilla.org/show_bug.cgi?id=1632447>, Remove code and > preference <https://bugzilla.mozilla.org/show_bug.cgi?id=1632448>. > > Reasons: `AddSearchProvider` allows adding OpenSearch providers from a > website page. This has been deprecated by the WHATWG, and IE and Chrome > no longer support it. As far as I know it has never been supported on > Mobile. > > This API allows a website to put up unsolicited repeated prompts to > users. It is vulnerable to potential DoS > <https://bugzilla.mozilla.org/show_bug.cgi?id=615761>attacks > <https://bugzilla.mozilla.org/show_bug.cgi?id=1276704>. > > For websites wanting to provide their own engines, the alternative is to > include the <link rel="search"> tag, or to provide their own add-ons > which add search engine providers. > > Add-ons that use the API would no longer work. Of the two add-ons we > have found that use the API, they are both ways of adding custom search > engines. They both have small numbers of users. Whilst we acknowledge > this will remove some functionality for users, we would encourage users > to request that websites provide their own search integrations which > would have the advantage of being maintained by the website, and being > available to everyone. > > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
