Hi Eric, Thanks for asking for our input. I’ve discussed this with experts on this area at Apple. WebKit does not currently support `registerProtocolHander` and likely will not. It’s a powerful capability, and hard to use sensibly in practice (except perhaps the `mailto:` scheme in particular). Even opening a URL with a custom URL scheme is a dangerous powerful capability that we’ve gated with a permission in Safari (in addition to banning specific extra-dangerous schemes). Apple’s Universal Links and Android App Links seem like a better technical solution for links that link sometimes to websites and sometimes to native apps.
All that said, if `registerProtocolHandler` is implemented at all, it seems better to limit it to secure contexts. It might be worth reviewing what schemes get registered to see if it’s possible to limit to a very short known-safe list. Regards, Maciej > On Nov 20, 2019, at 9:12 AM, Eric Lawrence <elawre...@chromium.org> wrote: > > The Blink team has requested that I inquire whether the WebKit team has a > point-of-view about the upcoming change to limit HTML's > registerProtocolHandler API to use from secure contexts: > https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/1AOWqzgFQiw > <https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/1AOWqzgFQiw>. > This will disallow use of that API from non-secure (HTTP) contexts. > > As I understand it, Safari does not implement the registerProtocolHandler > API. In the past, WebKit contained the IDL for the API in > (WebCore::NavigatorContentUtils::registerProtocolHandler), > but this was removed earlier this year: > https://trac.webkit.org/changeset/243433/webkit > <https://trac.webkit.org/changeset/243433/webkit>. > > Would anyone from WebKit like to express support or objection to the Blink > I2I? > _______________________________________________ > webkit-dev mailing list > email@example.com > https://lists.webkit.org/mailman/listinfo/webkit-dev
_______________________________________________ webkit-dev mailing list firstname.lastname@example.org https://lists.webkit.org/mailman/listinfo/webkit-dev