[prev in list] [next in list] [prev in thread] [next in thread]
List: webkit-dev
Subject: Re: [webkit-dev] WebKit team feedback on proposal to limit registerProtocolHandler API to secure con
From: Maciej Stachowiak <mjs () apple ! com>
Date: 2019-11-21 19:52:13
Message-ID: 1598F707-5DAC-4EEE-95DE-B8F9BF8D990D () apple ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi Eric,
Thanks for asking for our input. I've discussed this with experts on this \
area at Apple. WebKit does not currently support `registerProtocolHander` \
and likely will not. It's a powerful capability, and hard to use sensibly \
in practice (except perhaps the `mailto:` scheme in particular). Even \
opening a URL with a custom URL scheme is a dangerous powerful capability \
that we've gated with a permission in Safari (in addition to banning \
specific extra-dangerous schemes). Apple's Universal Links and Android App \
Links seem like a better technical solution for links that link sometimes \
to websites and sometimes to native apps.
All that said, if `registerProtocolHandler` is implemented at all, it seems \
better to limit it to secure contexts. It might be worth reviewing what \
schemes get registered to see if it's possible to limit to a very short \
known-safe list.
Regards,
Maciej
> On Nov 20, 2019, at 9:12 AM, Eric Lawrence <elawrence@chromium.org> \
> wrote:
> The Blink team has requested that I inquire whether the WebKit team has a \
> point-of-view about the upcoming change to limit HTML's \
> registerProtocolHandler API to use from secure contexts: \
> https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/1AOWqzgFQiw \
> <https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/1AOWqzgFQiw>. \
> This will disallow use of that API from non-secure (HTTP) contexts.
> As I understand it, Safari does not implement the registerProtocolHandler \
> API. In the past, WebKit contained the IDL for the API in \
> (WebCore::NavigatorContentUtils::registerProtocolHandler), but this was \
> removed earlier this year: \
> https://trac.webkit.org/changeset/243433/webkit \
> <https://trac.webkit.org/changeset/243433/webkit>.
> Would anyone from WebKit like to express support or objection to the \
> Blink I2I? _______________________________________________
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
[Attachment #5 (unknown)]
<html><head><meta http-equiv="Content-Type" content="text/html; \
charset=utf-8"></head><body style="word-wrap: break-word; \
-webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div \
class=""><br class=""></div>Hi Eric,<div class=""><br class=""></div><div \
class="">Thanks for asking for our input. I've discussed this with experts \
on this area at Apple. WebKit does not currently support \
`registerProtocolHander` and likely will not. It's a powerful capability, \
and hard to use sensibly in practice (except perhaps the `mailto:` scheme \
in particular). Even opening a URL with a custom URL scheme is a dangerous \
powerful capability that we've gated with a permission in Safari (in \
addition to banning specific extra-dangerous schemes). Apple's Universal \
Links and Android App Links seem like a better technical solution for links \
that link sometimes to websites and sometimes to native apps.</div><div \
class=""><br class=""></div><div class="">All that said, if \
`registerProtocolHandler` is implemented at all, it seems better to limit \
it to secure contexts. It might be worth reviewing what schemes get \
registered to see if it's possible to limit to a very short known-safe \
list.</div><div class=""><br class=""></div><div \
class="">Regards,</div><div class="">Maciej</div><div class=""><br \
class=""></div><div class=""><div><br class=""><blockquote type="cite" \
class=""><div class="">On Nov 20, 2019, at 9:12 AM, Eric Lawrence <<a \
href="mailto:elawrence@chromium.org" \
class="">elawrence@chromium.org</a>> wrote:</div><br \
class="Apple-interchange-newline"><div class=""><div dir="ltr" \
class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" \
class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class="">The \
Blink team has requested that I inquire whether the WebKit team has a \
point-of-view about the upcoming change to limit HTML's \
registerProtocolHandler API to use from secure contexts: <a \
href="https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/1AOWqzgFQiw" \
class="">https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/1AOWqzgFQiw</a>. \
This will disallow use of that API from non-secure (HTTP) \
contexts.</div><div class=""><br class=""></div><div class=""><div \
class="">As I understand it, Safari does not implement the \
registerProtocolHandler API. In the past, WebKit contained the IDL for the \
API in <span style="font-family: Verdana, Arial, "Bitstream Vera \
Sans", Helvetica, sans-serif; font-size: 10.4px;" \
class="">(WebCore::NavigatorContentUtils::</span><span \
class="gmail-searchword0" style="background-color: rgb(255, 255, 153); \
font-family: Verdana, Arial, "Bitstream Vera Sans", Helvetica, \
sans-serif; font-size: 10.4px; background-position: initial initial; \
background-repeat: initial \
initial;">registerProtocolHandler),</span></div><div class="">but this was \
removed earlier this year: <a \
href="https://trac.webkit.org/changeset/243433/webkit" \
class="">https://trac.webkit.org/changeset/243433/webkit</a>.</div><div \
class=""><br class=""></div><div class="">Would anyone from WebKit like to \
express support or objection to the Blink I2I?</div><div \
class=""></div></div></div></div></div></div></div></div> \
_______________________________________________<br class="">webkit-dev \
mailing list<br class=""><a href="mailto:webkit-dev@lists.webkit.org" \
class="">webkit-dev@lists.webkit.org</a><br \
class="">https://lists.webkit.org/mailman/listinfo/webkit-dev<br \
class=""></div></blockquote></div><br class=""></div></body></html>
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic