Re: [whatwg] Proposal: navigator.launchURL

[Konstantin Welke]

Hi!

On 7/16/14, 1:24 PM, Anne van Kesteren ann...@annevk.nl wrote:
On Tue, Jul 15, 2014 at 12:28 AM, Ian Hickson i...@hixie.ch wrote:

Introducing a new API that literally doesn't do anything you can't
already do is a pretty high cost, IMHO.
It seems there are some potential differences:

Ian and Adam, what do you think about the points raised by Anne and me?

For the window.open approach that you proposed, how would the API look
like? 

What would the API return if an external app was launched?

Cheers,
Kosta

-- 
Cheers,
Konstantin Welke
Senior Software Developer
Citrix Online Germany GmbH | Erzbergerstr. 117 | D-76133 Karlsruhe
http://www.citrixonline.com http://www.citrixonline.com/

Work better. Live better.
Citrix Online Germany GmbH | Erzbergerstr. 117 | D-76133 Karlsruhe
Geschäftsführer: Tommy Ahlers | David Zalewski | Michael DiFilippo
Sitz der Gesellschaft: Karlsruhe | Registergericht: Amtsgericht Mannheim
HRB 713721
Citrix Online UK Ltd http://www.citrixonline.com/imprint-en.tmpl

Re: [whatwg] Proposal: navigator.launchURL

[Anne van Kesteren]

On Tue, Jul 15, 2014 at 12:28 AM, Ian Hickson i...@hixie.ch wrote:
 They can use window.open() today. It's just that it causes a bit of
 flicker for now. IMHO the flicker is just a bug we should fix.

 Introducing a new API that literally doesn't do anything you can't already
 do is a pretty high cost, IMHO.

It seems there are some potential differences:

* You cannot detect if window.open() failed (e.g. the user declined to
open the application or the browser failed to find an application)
* If the scheme is mapped to an http/https URL it is unclear:
** whether you get a new top-level browsing context or if you get an
auxiliary browsing context (i.e. what window.opener return?)
** if a referrer is included
** if credentials are included

And the open question for those is whether those differences are
desirable and should perhaps be configurable.


-- 
http://annevankesteren.nl/

Re: [whatwg] Proposal: navigator.launchURL

[Konstantin Welke]

Hi!

On 7/14/14, 7:42 PM, Ian Hickson i...@hixie.ch wrote:


On Sun, 13 Jul 2014, Adam Barth wrote:

 == Use Case ==
 
 A web site wants to launch an external protocol handler.  For example,
 a web site might want to launch PuTTY via the ssh scheme.

window.open('ssh://...');

I'll look at this in more detail in due course, but FWIW this appears to
be more or less identical to a proposal from Microsoft about 18 months
ago:

   https://www.w3.org/Bugs/Public/show_bug.cgi?id=20799

It's still not really clear what difference this API would have to
window.open(), though.

How would the window.open(url, name, features) API behave? Here’s what I
imagine:

* If a native application is registered as a protocol handler, no popup
opens but the user is being asked whether to launch that application
(using the currently existing browser dialog - such dialogs exist in
Chrome, FF, IE currently). If the user confirms the dialog, the native
application is launched.

* If a web page registered a protocol handler (through web intents?), that
opens the registered web page in a popup window. Wouldn’t a tab be a
better default here? Is there a “feature” parameter that we can pass to
make this a tabbed window for that?
* If neither native application nor web intent is registered for this, no
popup opens.

Would launching native applications be subject to popup blocking? (I hope
not)

window.open returns a window object.

I guess for web-intents, the usual cross-domain policies apply to the
returned window object.

What should be returned when launching a native application? A window
object wouldn’t make sense. Returning a promise here seems like a weird
API...

As a future user of this API, I would really like to have some feedback
whether or not the launched scheme is registered. The reason is simply to
provide a good user experience: If nothing is able to handle the url
scheme, the web page needs to display completely different UI than if
launching the application worked. I am aware of the privacy issues but I
think Microsoft made a good compromise when coming up with their launchUri
API: Using this API to “fingerprint” installed application is really
intrusive and annoying, and has the risk of the web page losing focus. I
believe that should detract from abusing it. (Furthermore, it should be
disallowed by iframe sandboxing to if iframed third-party ads start
abusing it)

This is why I would favor a new API navigator.launchUri(url) that returns
a promise. The promise would resolve if a handler is registered launching
was allowed by the user. For native applications, it would resolve to
null; for web intents it would resolve to the resulting window object. If
no handler was registered or the user rejected launching an external
application, the promise would be rejected. If opening an external window
for web intents got blocked by a popup blocker, the promise would be
resolved when the user allows the popup. Clean and simple.

What do you think?

Cheers,
Kosta

Re: [whatwg] Proposal: navigator.launchURL

[Anne van Kesteren]

On Mon, Jul 14, 2014 at 4:26 AM, Adam Barth w...@adambarth.com wrote:
 The launchURL() method requests that the User Agent launch the
 protocol handler for the specified URL.  If the User Agent itself is
 the registered protocol handler for |url|, then the User Agent should
 open the requested URL in a new browsing context in a new unit of
 related browsing contexts.

Is this observably different from

  a target=_blank rel=noreferrer

somehow?


-- 
http://annevankesteren.nl/

Re: [whatwg] Proposal: navigator.launchURL

[Boris Zbarsky]

On 7/14/14, 3:35 AM, Anne van Kesteren wrote:

Is this observably different from

   a target=_blank rel=noreferrer

somehow?


I think for a sandboxed iframe it might be...

Which raises a separate question, by the way: should a sandboxed iframe 
(without allow-popups, in case that matters) be able to do this?


-Boris

Re: [whatwg] Proposal: navigator.launchURL

[Konstantin Welke]

Hi!

On 7/14/14, 7:40 AM, Michael[tm] Smith m...@w3.org wrote:
Adam Barth w...@adambarth.com, 2014-07-13 22:30 -0700:
On Sun, Jul 13, 2014 at 8:05 PM, Michael[tm] Smith m...@w3.org wrote:
 It proposed a method that includes a successCallback 
noHandlerCallback:
   navigator.launchUri(uri, successCallback, noHandlerCallback)
No, I missed that.  Looks very similar.  A more modern idiom would be
to return a promise to inform the caller of success or failure.

We modeled this proposal roughly after the msLaunchUri API introduced in
Windows 8 for IE:
(The docs say that this is IE 10+, but it’s actually Windows 8+)
http://msdn.microsoft.com/en-us/library/ie/jj154912(v=vs.85).aspx


Is there a use case for reporting success or failure?  I thought about
including that, but it wasn't necessary for the use cases I'm aware
of.

Konstantin mentioned:
 We would like to have a stable, well-defined API for this that also
allows
 to handle the “user declined / protocol handler is not installed” case
 gracefully. As an example, the web page could show a UI to tell the
user
 how to install an SSH client.
http://lists.w3.org/Archives/Public/public-webapps/2014JanMar/0797.html


Yes, the success/failure callback are very important to have a good user
experience. Most important is whether the information that handler is not
available (so that you can e.g. provide a download to install the
application instead). Having a success callback is very nice to provide a
good UX.

In the end, it’s a privacy tradeoff: Do you want to mix “handler not
available” and “user declined the launch” into one callback, so that the
web page does not know whether X is installed or the user just didn’t want
to launch it? (However, that information might be accessible from the
timings…)

What the msLaunchUri call does:
* successCallback if the app was launched
* noHandlerCallback if no URI handler was installed
* if you get no callback that means either the user declined the launch or
has not click anything yet (if there was a confirmation dialog).

How we use it:
* We try to launch our native application using a custom URI scheme
* If successful, we show some “success” UI
* If no handler installed, the user gets a download
* If we don’t get a callback (= user declined or undecided), the user can
choose between trying again and downloading the application.

I’m not decided on promises vs. callbacks. I guess promises are the more
modern approach. Either would work fine here and it’s easy to wrap one
into the other if needed.

Anne van Kesteren asked:

 Is this observably different from
 a target=_blank rel=noreferrer
 somehow?


(Sorry for moving this mail into here, but I wasn’t subscribed to whatwg
when the question was asked so I don’t have access to it to reply to it
regularly)

There are two very big differences:
1. The web pages doesn’t know whether launching works (UX issue, see above)
2. Browser behavior if the URI scheme is not registered varies wildly. If
we implement such a launchURL or launchUri call, we can specify this
behavior (as Microsoft did for msLaunchUri, see msdn link above).

As an example, what browsers currently do when trying to launch an
unregistered URI scheme:
* Chrome/Desktop ignore it completely (good behavior) (same for Opera
these days)
* Chrome/Android shows a blank “not found” page with the custom URI in the
navigation bar (on this platform, using intent: links is recommended to
launch custom URL schemes / open to Google Play store if the app is not
installed)
* Firefox/Desktop shows a dialog asking the user to choose the application
to handle these URIs with (this is ok for some cases like ssh://, but in
the worst case the user can really misconfigure their browser here)
* Firefox Android shows an error dialog
* Safari/Mac asks to look on the Mac App Store for it (bad if the
application is not on the app store)
* Safari/iOS ignores it and users stays on the page (good) (Same for
Chrome/iOS)
* IE shows some error message
* IE on Windows RT/Windows Phone 8 asks to look in the Windows Store

So all in this is a huge mess to work with :) That’s why a standardized
API would be a very neat thing!

Also, note that most pages using custom URI schemes have some weird way to
detect whether or not the custom URI scheme is installed to work around
this issue. For example, the iTunes pages check whether some Apple plugin
is available that comes bundled with iTunes (on Windows/Mac). (On iOS,
they assume the “App Store” app is installed, of course)

Boris Zbarsky asked:
 Which raises a separate question, by the way: should a sandboxed iframe
 (without allow-popups, in case that matters) be able to do this?

(Again, sorry to move your question in here, same reason as for Anne)

I think it should be allowed in sandboxed iframes (but maybe I’m biased as
I want to use this API). At the very least, there should be a sandbox
attribute that allows using this API.



Cheers,
Konstantin Welke
-- 
Senior Software Developer
Citrix Online 

Re: [whatwg] Proposal: navigator.launchURL

[Anne van Kesteren]

On Mon, Jul 14, 2014 at 3:47 PM, Konstantin Welke
konstantin.we...@citrix.com wrote:
 How we use it:
 * We try to launch our native application using a custom URI scheme
 * If successful, we show some “success” UI
 * If no handler installed, the user gets a download
 * If we don’t get a callback (= user declined or undecided), the user can
 choose between trying again and downloading the application.

This does not seem particularly compelling. I'd rather figure out why
there needs to be a native application in the first place.


 Anne van Kesteren asked:
 Is this observably different from
 a target=_blank rel=noreferrer
 somehow?

 There are two very big differences:
 1. The web pages doesn’t know whether launching works (UX issue, see above)

The privacy implications seem somewhat tricky. Although since the user
first has to go through some UI, it might not be too bad.


 2. Browser behavior if the URI scheme is not registered varies wildly. If
 we implement such a launchURL or launchUri call, we can specify this
 behavior (as Microsoft did for msLaunchUri, see msdn link above).

This seems like something we need to fix either way. We should have
this navigation behavior nailed down.


 As an example, what browsers currently do when trying to launch an
 unregistered URI scheme:
 * Chrome/Desktop ignore it completely (good behavior) (same for Opera
 these days)

Is this when you target iframe or in general?


 * Firefox/Desktop shows a dialog asking the user to choose the application
 to handle these URIs with (this is ok for some cases like ssh://, but in
 the worst case the user can really misconfigure their browser here)

What is a worst case?


-- 
http://annevankesteren.nl/

Re: [whatwg] Proposal: navigator.launchURL

[Konstantin Welke]

Hi Anne!


On 7/14/14, 4:44 PM, Anne van Kesteren ann...@annevk.nl wrote:

On Mon, Jul 14, 2014 at 3:47 PM, Konstantin Welke
konstantin.we...@citrix.com wrote:
 How we use it:
 * We try to launch our native application using a custom URI scheme
 * If successful, we show some “success” UI
 * If no handler installed, the user gets a download
 * If we don’t get a callback (= user declined or undecided), the user
can
 choose between trying again and downloading the application.

This does not seem particularly compelling. I'd rather figure out why
there needs to be a native application in the first place.

Well as long as web pages are not as powerful as web apps, there’s reasons
to start external applications for some functionality.

The SSH client is an easy example, unless we allow web pages to connect to
arbitrary hosts and ports (implementing SSH is still not possible with
WebRTC, right?). Another example, Apples uses a custom URI scheme to
launch iTunes, which can e.g. sync with iPhones over USB and/or WiFi -
which I don’t see as a web app in the foreseeable future. At Citrix, this
is also used to launch native applications for functionality not
implementable as a web app (e.g. screen sharing session that transmits a
Windows UAC dialog or installing a Windows Service).

 Anne van Kesteren asked:
 Is this observably different from
 a target=_blank rel=noreferrer
 somehow?

 There are two very big differences:
 1. The web pages doesn’t know whether launching works (UX issue, see
above)

The privacy implications seem somewhat tricky. Although since the user
first has to go through some UI, it might not be too bad.

Yes, this is also the reason why I favor a launchUri() call over a
isProtocolRegistered() call. This way, if a web page abuses the API it
will be more annoying to the user. It is the web page’s self-interested
not to annoy the user too much.

 2. Browser behavior if the URI scheme is not registered varies wildly.
If
 we implement such a launchURL or launchUri call, we can specify this
 behavior (as Microsoft did for msLaunchUri, see msdn link above).

This seems like something we need to fix either way. We should have
this navigation behavior nailed down.

I agree. However it is easier for JavaScript to check whether e.g.
navigator.launchUri exists and assume it behaves correctly if it exists.
Using a plain link, JS would need to detect whether this is one of the
browsers that implement launching external apps “as specified” . Also, a
plain link can’t return a promise  (if we can agree on this kind of
feedback).

 As an example, what browsers currently do when trying to launch an
 unregistered URI scheme:
 * Chrome/Desktop ignore it completely (good behavior) (same for Opera
 these days)

Is this when you target iframe or in general?

For Chrome/Desktop, this seems to be the case in general. Here’s a test
page that provides 3 ways of launching “nonexistent://foo.bar” (which I
hope is not registered for an external application anywhere):
http://lastpageofthe.net/nonexistent.html

Note that for other browsers, the behavior usually varies between iframe,
plain link and setting document.location. E.g. I just re-tested with
Firefox/Mac and it shows an empty web page with the custom URI in the
navigator bar for the plain link as well as when setting
document.location. However, when using an iframe, a JS exception appears
in the JS logs and no user-visible UI.

 * Firefox/Desktop shows a dialog asking the user to choose the
application
 to handle these URIs with (this is ok for some cases like ssh://, but in
 the worst case the user can really misconfigure their browser here)

What is a worst case?

If the user chooses an application that cannot handle the protocol and
checks “Remember my choice”, Firefox will always launch the wrong
application without further prompting the user. This can be fixed in the
Firefox settings, but is hard to figure out for the user.

However, at least from superficial testing it seems that Firefox changed
their behavior and now simply ignore unknown protocols when they are being
launched via iframe.

-- 
Cheers,

Konstantin Welke
Senior Software Developer
Citrix Online Germany GmbH | Erzbergerstr. 117 | D-76133 Karlsruhe
http://www.citrixonline.com http://www.citrixonline.com/

Work better. Live better.
Citrix Online Germany GmbH | Erzbergerstr. 117 | D-76133 Karlsruhe
Geschäftsführer: Tommy Ahlers | David Zalewski | Michael DiFilippo
Sitz der Gesellschaft: Karlsruhe | Registergericht: Amtsgericht Mannheim
HRB 713721
Citrix Online UK Ltd http://www.citrixonline.com/imprint-en.tmpl

Re: [whatwg] Proposal: navigator.launchURL

[Jussi Kalliokoski]

On Mon, Jul 14, 2014 at 5:44 PM, Anne van Kesteren ann...@annevk.nl wrote:

 On Mon, Jul 14, 2014 at 3:47 PM, Konstantin Welke
 konstantin.we...@citrix.com wrote:
  How we use it:
  * We try to launch our native application using a custom URI scheme
  * If successful, we show some “success” UI
  * If no handler installed, the user gets a download
  * If we don’t get a callback (= user declined or undecided), the user can
  choose between trying again and downloading the application.

 This does not seem particularly compelling. I'd rather figure out why
 there needs to be a native application in the first place.


As a person working for a company with a big mobile game catalogue, I'd say
this is a reality and happening already, and unfortunately I've seen this
currently done in some pretty gross, uninteroperable and user-hostile ways
and would love to see those go away.

If we specify the way this should be done, this will also let the UA be
more aware of what the web app is trying to do, so for people like me who
hate websites trying to open an app, the UA could have an option to always
reject these attempts. I think the overall compelling thing here is
providing a good UX for something that may or may not be a good thing, but
is happening already, with poor UX.

- Jussi

Re: [whatwg] Proposal: navigator.launchURL

[Adam Barth]

On Mon, Jul 14, 2014 at 12:35 AM, Anne van Kesteren ann...@annevk.nl wrote:
 On Mon, Jul 14, 2014 at 4:26 AM, Adam Barth w...@adambarth.com wrote:
 The launchURL() method requests that the User Agent launch the
 protocol handler for the specified URL.  If the User Agent itself is
 the registered protocol handler for |url|, then the User Agent should
 open the requested URL in a new browsing context in a new unit of
 related browsing contexts.

 Is this observably different from

   a target=_blank rel=noreferrer

 somehow?

Yes, that causes a blank window to be created before launching the
external protocol handler.

On Mon, Jul 14, 2014 at 4:39 AM, Boris Zbarsky bzbar...@mit.edu wrote:
 Which raises a separate question, by the way: should a sandboxed iframe
 (without allow-popups, in case that matters) be able to do this?

Nope, I think we should block that.


On Mon, Jul 14, 2014 at 6:47 AM, Konstantin Welke
konstantin.we...@citrix.com wrote:
 Yes, the success/failure callback are very important to have a good user
 experience. Most important is whether the information that handler is not
 available (so that you can e.g. provide a download to install the
 application instead). Having a success callback is very nice to provide a
 good UX.

Makes sense.

 In the end, it’s a privacy tradeoff: Do you want to mix “handler not
 available” and “user declined the launch” into one callback, so that the
 web page does not know whether X is installed or the user just didn’t want
 to launch it? (However, that information might be accessible from the
 timings…)

 What the msLaunchUri call does:
 * successCallback if the app was launched
 * noHandlerCallback if no URI handler was installed
 * if you get no callback that means either the user declined the launch or
 has not click anything yet (if there was a confirmation dialog).

If the user declines, we should probably reject the promise.

 I’m not decided on promises vs. callbacks. I guess promises are the more
 modern approach. Either would work fine here and it’s easy to wrap one
 into the other if needed.

Promises are the future.  New APIs should use them instead of having a
pair of success and failure callbacks.

 I think it should be allowed in sandboxed iframes (but maybe I’m biased as
 I want to use this API). At the very least, there should be a sandbox
 attribute that allows using this API.

IMHO, the allow-popups should enable the feature, just like it enables
window.open.

On Mon, Jul 14, 2014 at 7:44 AM, Anne van Kesteren ann...@annevk.nl wrote:
 This does not seem particularly compelling. I'd rather figure out why
 there needs to be a native application in the first place.

It's about user choice.  Users might choose to use a web-based SSH
client or they might choose to use a native application as their SSH
client.  The web site that's launching the SSH session doesn't need to
care.  They can all share the same URI scheme: ssh.

Adam

Re: [whatwg] Proposal: navigator.launchURL

[Ben Johnson]

Hey all,

I'm just back from leave and catching up on responses, but I think my colleague 
Kosta responded with most of our concerns.

Re: promises:

Yes, I think this is pretty clearly an appropriate place for them. They aren't 
there now because:

a) The initial draft was pretty much just a port of the IE API to open a 
discussion.
b) I was unsure of the current status of promises for new proposals; I now 
understand they're expected at this point in time.

Cheers,
Ben

-Original Message-
From: Konstantin Welke 
Sent: Monday, July 14, 2014 6:48 AM
To: Michael[tm] Smith; Adam Barth; ann...@annevk.nl; bzbar...@mit.edu
Cc: wha...@whatwg.org; Ben Johnson
Subject: Re: [whatwg] Proposal: navigator.launchURL

Hi!

On 7/14/14, 7:40 AM, Michael[tm] Smith m...@w3.org wrote:
Adam Barth w...@adambarth.com, 2014-07-13 22:30 -0700:
On Sun, Jul 13, 2014 at 8:05 PM, Michael[tm] Smith m...@w3.org wrote:
 It proposed a method that includes a successCallback 
noHandlerCallback:
   navigator.launchUri(uri, successCallback, noHandlerCallback)
No, I missed that.  Looks very similar.  A more modern idiom would be 
to return a promise to inform the caller of success or failure.

We modeled this proposal roughly after the msLaunchUri API introduced in 
Windows 8 for IE:
(The docs say that this is IE 10+, but it’s actually Windows 8+) 
http://msdn.microsoft.com/en-us/library/ie/jj154912(v=vs.85).aspx


Is there a use case for reporting success or failure?  I thought about 
including that, but it wasn't necessary for the use cases I'm aware 
of.

Konstantin mentioned:
 We would like to have a stable, well-defined API for this that also 
allows  to handle the “user declined / protocol handler is not 
installed” case  gracefully. As an example, the web page could show a 
UI to tell the user  how to install an SSH client.
http://lists.w3.org/Archives/Public/public-webapps/2014JanMar/0797.html


Yes, the success/failure callback are very important to have a good user 
experience. Most important is whether the information that handler is not 
available (so that you can e.g. provide a download to install the application 
instead). Having a success callback is very nice to provide a good UX.

In the end, it’s a privacy tradeoff: Do you want to mix “handler not available” 
and “user declined the launch” into one callback, so that the web page does not 
know whether X is installed or the user just didn’t want to launch it? 
(However, that information might be accessible from the
timings…)

What the msLaunchUri call does:
* successCallback if the app was launched
* noHandlerCallback if no URI handler was installed
* if you get no callback that means either the user declined the launch or has 
not click anything yet (if there was a confirmation dialog).

How we use it:
* We try to launch our native application using a custom URI scheme
* If successful, we show some “success” UI
* If no handler installed, the user gets a download
* If we don’t get a callback (= user declined or undecided), the user can 
choose between trying again and downloading the application.

I’m not decided on promises vs. callbacks. I guess promises are the more modern 
approach. Either would work fine here and it’s easy to wrap one into the other 
if needed.

Anne van Kesteren asked:

 Is this observably different from
 a target=_blank rel=noreferrer
 somehow?


(Sorry for moving this mail into here, but I wasn’t subscribed to whatwg when 
the question was asked so I don’t have access to it to reply to it
regularly)

There are two very big differences:
1. The web pages doesn’t know whether launching works (UX issue, see above) 2. 
Browser behavior if the URI scheme is not registered varies wildly. If we 
implement such a launchURL or launchUri call, we can specify this behavior (as 
Microsoft did for msLaunchUri, see msdn link above).

As an example, what browsers currently do when trying to launch an unregistered 
URI scheme:
* Chrome/Desktop ignore it completely (good behavior) (same for Opera these 
days)
* Chrome/Android shows a blank “not found” page with the custom URI in the 
navigation bar (on this platform, using intent: links is recommended to launch 
custom URL schemes / open to Google Play store if the app is not
installed)
* Firefox/Desktop shows a dialog asking the user to choose the application to 
handle these URIs with (this is ok for some cases like ssh://, but in the worst 
case the user can really misconfigure their browser here)
* Firefox Android shows an error dialog
* Safari/Mac asks to look on the Mac App Store for it (bad if the application 
is not on the app store)
* Safari/iOS ignores it and users stays on the page (good) (Same for
Chrome/iOS)
* IE shows some error message
* IE on Windows RT/Windows Phone 8 asks to look in the Windows Store

So all in this is a huge mess to work with :) That’s why a standardized API 
would be a very neat thing!

Also, note that most pages using custom URI schemes have some weird way to 
detect

Re: [whatwg] Proposal: navigator.launchURL

[Ian Hickson]

On Sun, 13 Jul 2014, Adam Barth wrote:

 == Use Case ==
 
 A web site wants to launch an external protocol handler.  For example,
 a web site might want to launch PuTTY via the ssh scheme.

window.open('ssh://...');

I'll look at this in more detail in due course, but FWIW this appears to 
be more or less identical to a proposal from Microsoft about 18 months 
ago:

   https://www.w3.org/Bugs/Public/show_bug.cgi?id=20799

It's still not really clear what difference this API would have to 
window.open(), though.

-- 
Ian Hickson   U+1047E)\._.,--,'``.fL
http://ln.hixie.ch/   U+263A/,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Re: [whatwg] Proposal: navigator.launchURL

[Adam Barth]

On Mon, Jul 14, 2014 at 10:42 AM, Ian Hickson i...@hixie.ch wrote:
 On Sun, 13 Jul 2014, Adam Barth wrote:

 == Use Case ==

 A web site wants to launch an external protocol handler.  For example,
 a web site might want to launch PuTTY via the ssh scheme.

 window.open('ssh://...');

 I'll look at this in more detail in due course, but FWIW this appears to
 be more or less identical to a proposal from Microsoft about 18 months
 ago:

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20799

 It's still not really clear what difference this API would have to
 window.open(), though.

The difference is that window.open opens a new browser window even if
the URL is handled by an external protocol handler.  Even if we
changing current browsers to detect whether the URL will be handled by
an external protocol handler before opening the window, web sites
won't be able to feature-detect which browsers have this new behavior
and therefore won't be able to move away from iframe@src hacks until
all the browsers they care about have the behavior change.  By
contrast, sites can feature detect navigator.launchURL and fall back
to iframe@src in UAs that lack the new API.

Adam

Re: [whatwg] Proposal: navigator.launchURL

[Ian Hickson]

On Mon, 14 Jul 2014, Adam Barth wrote:
 
 The difference is that window.open opens a new browser window even if 
 the URL is handled by an external protocol handler.  Even if we changing 
 current browsers to detect whether the URL will be handled by an 
 external protocol handler before opening the window, web sites won't be 
 able to feature-detect which browsers have this new behavior and 
 therefore won't be able to move away from iframe@src hacks until all the 
 browsers they care about have the behavior change.  By contrast, sites 
 can feature detect navigator.launchURL and fall back to iframe@src in 
 UAs that lack the new API.

I'm skeptical of features that only have a benefit during a short 
transition phase. Suppose it's five years from now and now everyone 
implements window.open() in this cleaner way and everyone also has 
launchURL(). Why is it good that we have both?

-- 
Ian Hickson   U+1047E)\._.,--,'``.fL
http://ln.hixie.ch/   U+263A/,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Re: [whatwg] Proposal: navigator.launchURL

[Adam Barth]

On Mon, Jul 14, 2014 at 2:10 PM, Ian Hickson i...@hixie.ch wrote:
 On Mon, 14 Jul 2014, Adam Barth wrote:
 The difference is that window.open opens a new browser window even if
 the URL is handled by an external protocol handler.  Even if we changing
 current browsers to detect whether the URL will be handled by an
 external protocol handler before opening the window, web sites won't be
 able to feature-detect which browsers have this new behavior and
 therefore won't be able to move away from iframe@src hacks until all the
 browsers they care about have the behavior change.  By contrast, sites
 can feature detect navigator.launchURL and fall back to iframe@src in
 UAs that lack the new API.

 I'm skeptical of features that only have a benefit during a short
 transition phase. Suppose it's five years from now and now everyone
 implements window.open() in this cleaner way and everyone also has
 launchURL(). Why is it good that we have both?

You're presupposing a particular series of future events.  It's more
likely that it will take longer than five years.  As an example, we
shipped unprefixed support for border-radius in May 2010, and browser
support is still only ~85% of traffic:

http://caniuse.com/#search=border-radius

If web developers need to wait for the long tail of browsers to catch
up before they can use a feature, they're unlikely to adopt it.  If
developers don't adopt a feature, browser vendors are less likely to
adopt the feature.  That's why the bootstrapping process is an
important consideration.

Adam

Re: [whatwg] Proposal: navigator.launchURL

[Ian Hickson]

On Mon, 14 Jul 2014, Adam Barth wrote:
 
  I'm skeptical of features that only have a benefit during a short 
  transition phase. Suppose it's five years from now and now everyone 
  implements window.open() in this cleaner way and everyone also has 
  launchURL(). Why is it good that we have both?
 
 You're presupposing a particular series of future events.  It's more 
 likely that it will take longer than five years.  As an example, we 
 shipped unprefixed support for border-radius in May 2010, and browser 
 support is still only ~85% of traffic:
 
 http://caniuse.com/#search=border-radius

It doesn't really matter how long it takes. The time until authors can 
stop using the iframe hack is the same whether we provide a new API or 
have a legacy API that needs updating to be slightly less annoying.


 If web developers need to wait for the long tail of browsers to catch
 up before they can use a feature, they're unlikely to adopt it.

They can use window.open() today. It's just that it causes a bit of 
flicker for now. IMHO the flicker is just a bug we should fix.

Introducing a new API that literally doesn't do anything you can't already 
do is a pretty high cost, IMHO.

-- 
Ian Hickson   U+1047E)\._.,--,'``.fL
http://ln.hixie.ch/   U+263A/,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Re: [whatwg] Proposal: navigator.launchURL

[Adam Barth]

On Mon, Jul 14, 2014 at 3:28 PM, Ian Hickson i...@hixie.ch wrote:
 On Mon, 14 Jul 2014, Adam Barth wrote:
  I'm skeptical of features that only have a benefit during a short
  transition phase. Suppose it's five years from now and now everyone
  implements window.open() in this cleaner way and everyone also has
  launchURL(). Why is it good that we have both?

 You're presupposing a particular series of future events.  It's more
 likely that it will take longer than five years.  As an example, we
 shipped unprefixed support for border-radius in May 2010, and browser
 support is still only ~85% of traffic:

 http://caniuse.com/#search=border-radius

 It doesn't really matter how long it takes. The time until authors can
 stop using the iframe hack is the same whether we provide a new API or
 have a legacy API that needs updating to be slightly less annoying.


 If web developers need to wait for the long tail of browsers to catch
 up before they can use a feature, they're unlikely to adopt it.

 They can use window.open() today. It's just that it causes a bit of
 flicker for now. IMHO the flicker is just a bug we should fix.

 Introducing a new API that literally doesn't do anything you can't already
 do is a pretty high cost, IMHO.

Ok, we can try the window.open approach first.

Adam

Re: [whatwg] Proposal: navigator.launchURL

[Michael[tm] Smith]

Adam Barth w...@adambarth.com, 2014-07-13 19:26 -0700:

 == Use Case ==
 
 A web site wants to launch an external protocol handler.  For example,
 a web site might want to launch PuTTY via the ssh scheme.
[...]
 == Proposal ==
 
 partial interface NavigatorContentUtils {
   void launchURL(DOMString url);
 };

Did you see the similar proposal that came up for discussion back in March?

  
http://lists.w3.org/Archives/Public/public-webapps/2014JanMar/thread.html#msg791
  http://bengjohnson.github.io/ExternalProtocolSpecification.html

It also used the example of launching an SSH client:

  http://lists.w3.org/Archives/Public/public-webapps/2014JanMar/0797.html

It proposed a method that includes a successCallback  noHandlerCallback:

  navigator.launchUri(uri, successCallback, noHandlerCallback)

-- 
Michael[tm] Smith http://people.w3.org/mike

Re: [whatwg] Proposal: navigator.launchURL

[Adam Barth]

On Sun, Jul 13, 2014 at 8:05 PM, Michael[tm] Smith m...@w3.org wrote:
 Adam Barth w...@adambarth.com, 2014-07-13 19:26 -0700:

 == Use Case ==

 A web site wants to launch an external protocol handler.  For example,
 a web site might want to launch PuTTY via the ssh scheme.
 [...]
 == Proposal ==

 partial interface NavigatorContentUtils {
   void launchURL(DOMString url);
 };

 Did you see the similar proposal that came up for discussion back in March?

   
 http://lists.w3.org/Archives/Public/public-webapps/2014JanMar/thread.html#msg791
   http://bengjohnson.github.io/ExternalProtocolSpecification.html

 It also used the example of launching an SSH client:

   http://lists.w3.org/Archives/Public/public-webapps/2014JanMar/0797.html

 It proposed a method that includes a successCallback  noHandlerCallback:

   navigator.launchUri(uri, successCallback, noHandlerCallback)

No, I missed that.  Looks very similar.  A more modern idiom would be
to return a promise to inform the caller of success or failure.

Is there a use case for reporting success or failure?  I thought about
including that, but it wasn't necessary for the use cases I'm aware
of.  We can always extend the API with a returned promise in the
future if more use cases arise.

Adam

Re: [whatwg] Proposal: navigator.launchURL

[Michael[tm] Smith]

Adam Barth w...@adambarth.com, 2014-07-13 22:30 -0700:

 On Sun, Jul 13, 2014 at 8:05 PM, Michael[tm] Smith m...@w3.org wrote:
[...]
  It proposed a method that includes a successCallback  
  noHandlerCallback:
 
navigator.launchUri(uri, successCallback, noHandlerCallback)
 
 No, I missed that.  Looks very similar.  A more modern idiom would be
 to return a promise to inform the caller of success or failure.

Yeah

 Is there a use case for reporting success or failure?  I thought about
 including that, but it wasn't necessary for the use cases I'm aware
 of.

Konstantin mentioned:

  We would like to have a stable, well-defined API for this that also allows
  to handle the “user declined / protocol handler is not installed” case
  gracefully. As an example, the web page could show a UI to tell the user
  how to install an SSH client.

http://lists.w3.org/Archives/Public/public-webapps/2014JanMar/0797.html

-- 
Michael[tm] Smith http://people.w3.org/mike