[prev in list] [next in list] [prev in thread] [next in thread]
List: webkit-dev
Subject: Re: [webkit-dev] WebKit team feedback on proposal to limit registerProtocolHandler API to secure con
From: Maciej Stachowiak <mjs () apple ! com>
Date: 2019-11-21 19:52:13
Message-ID: 1598F707-5DAC-4EEE-95DE-B8F9BF8D990D () apple ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi Eric,
Thanks for asking for our input. I've discussed this with experts on this area at Apple. WebKit \
does not currently support `registerProtocolHander` and likely will not. It's a powerful \
capability, and hard to use sensibly in practice (except perhaps the `mailto:` scheme in \
particular). Even opening a URL with a custom URL scheme is a dangerous powerful capability \
that we've gated with a permission in Safari (in addition to banning specific extra-dangerous \
schemes). Apple's Universal Links and Android App Links seem like a better technical solution \
for links that link sometimes to websites and sometimes to native apps.
All that said, if `registerProtocolHandler` is implemented at all, it seems better to limit it \
to secure contexts. It might be worth reviewing what schemes get registered to see if it's \
possible to limit to a very short known-safe list.
Regards,
Maciej
> On Nov 20, 2019, at 9:12 AM, Eric Lawrence <elawrence@chromium.org> wrote:
>
> The Blink team has requested that I inquire whether the WebKit team has a point-of-view about \
> the upcoming change to limit HTML's registerProtocolHandler API to use from secure contexts: \
> https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/1AOWqzgFQiw \
> <https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/1AOWqzgFQiw>. This will \
> disallow use of that API from non-secure (HTTP) contexts.
> As I understand it, Safari does not implement the registerProtocolHandler API. In the past, \
> WebKit contained the IDL for the API in \
> (WebCore::NavigatorContentUtils::registerProtocolHandler), but this was removed earlier this \
> year: https://trac.webkit.org/changeset/243433/webkit \
> <https://trac.webkit.org/changeset/243433/webkit>.
> Would anyone from WebKit like to express support or objection to the Blink I2I?
> _______________________________________________
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
[Attachment #5 (unknown)]
<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body \
style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" \
class=""><div class=""><br class=""></div>Hi Eric,<div class=""><br class=""></div><div \
class="">Thanks for asking for our input. I've discussed this with experts on this area at \
Apple. WebKit does not currently support `registerProtocolHander` and likely will not. It's a \
powerful capability, and hard to use sensibly in practice (except perhaps the `mailto:` scheme \
in particular). Even opening a URL with a custom URL scheme is a dangerous powerful capability \
that we've gated with a permission in Safari (in addition to banning specific extra-dangerous \
schemes). Apple's Universal Links and Android App Links seem like a better technical solution \
for links that link sometimes to websites and sometimes to native apps.</div><div class=""><br \
class=""></div><div class="">All that said, if `registerProtocolHandler` is implemented at all, \
it seems better to limit it to secure contexts. It might be worth reviewing what schemes get \
registered to see if it's possible to limit to a very short known-safe list.</div><div \
class=""><br class=""></div><div class="">Regards,</div><div class="">Maciej</div><div \
class=""><br class=""></div><div class=""><div><br class=""><blockquote type="cite" \
class=""><div class="">On Nov 20, 2019, at 9:12 AM, Eric Lawrence <<a \
href="mailto:elawrence@chromium.org" class="">elawrence@chromium.org</a>> wrote:</div><br \
class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div dir="ltr" \
class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" \
class=""><div class="">The Blink team has requested that I inquire whether the WebKit team has \
a point-of-view about the upcoming change to limit HTML's registerProtocolHandler API to use \
from secure contexts: <a \
href="https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/1AOWqzgFQiw" \
class="">https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/1AOWqzgFQiw</a>. This \
will disallow use of that API from non-secure (HTTP) contexts.</div><div class=""><br \
class=""></div><div class=""><div class="">As I understand it, Safari does not implement the \
registerProtocolHandler API. In the past, WebKit contained the IDL for the API in <span \
style="font-family: Verdana, Arial, "Bitstream Vera Sans", Helvetica, sans-serif; \
font-size: 10.4px;" class="">(WebCore::NavigatorContentUtils::</span><span \
class="gmail-searchword0" style="background-color: rgb(255, 255, 153); font-family: Verdana, \
Arial, "Bitstream Vera Sans", Helvetica, sans-serif; font-size: 10.4px; \
background-position: initial initial; background-repeat: initial \
initial;">registerProtocolHandler),</span></div><div class="">but this was removed earlier this \
year: <a href="https://trac.webkit.org/changeset/243433/webkit" \
class="">https://trac.webkit.org/changeset/243433/webkit</a>.</div><div class=""><br \
class=""></div><div class="">Would anyone from WebKit like to express support or objection to \
the Blink I2I?</div><div class=""></div></div></div></div></div></div></div></div> \
_______________________________________________<br class="">webkit-dev mailing list<br \
class=""><a href="mailto:webkit-dev@lists.webkit.org" \
class="">webkit-dev@lists.webkit.org</a><br \
class="">https://lists.webkit.org/mailman/listinfo/webkit-dev<br \
class=""></div></blockquote></div><br class=""></div></body></html>
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic