Thanks for asking for our input. I’ve discussed this with experts on this area at Apple. WebKit does not currently support `registerProtocolHander` and likely will not. It’s a powerful capability, and hard to use sensibly in practice (except perhaps the `mailto:` scheme in particular). Even opening a URL with a custom URL scheme is a dangerous powerful capability that we’ve gated with a permission in Safari (in addition to banning specific extra-dangerous schemes). Apple’s Universal Links and Android App Links seem like a better technical solution for links that link sometimes to websites and sometimes to native apps.

All that said, if `registerProtocolHandler` is implemented at all, it seems better to limit it to secure contexts. It might be worth reviewing what schemes get registered to see if it’s possible to limit to a very short known-safe list.

On Nov 20, 2019, at 9:12 AM, Eric Lawrence <elawrence@chromium.org> wrote:

The Blink team has requested that I inquire whether the WebKit team has a point-of-view about the upcoming change to limit HTML's registerProtocolHandler API to use from secure contexts: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/1AOWqzgFQiw. This will disallow use of that API from non-secure (HTTP) contexts.

As I understand it, Safari does not implement the registerProtocolHandler API. In the past, WebKit contained the IDL for the API in (WebCore::NavigatorContentUtils::registerProtocolHandler),
but this was removed earlier this year: https://trac.webkit.org/changeset/243433/webkit.

Would anyone from WebKit like to express support or objection to the Blink I2I?
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev