WebKit team feedback on proposal to limit registerProtocolHandler API to secure contexts?

# Eric Lawrence (2 days ago)

The Blink team has requested that I inquire whether the WebKit team has a point-of-view about the upcoming change to limit HTML's registerProtocolHandler API to use from secure contexts: groups.google.com/a/chromium.org/forum/#!topic/blink-dev/1AOWqzgFQiw. This will disallow use of that API from non-secure (HTTP) contexts.

As I understand it, Safari does not implement the registerProtocolHandler API. In the past, WebKit contained the IDL for the API in (WebCore::NavigatorContentUtils::registerProtocolHandler), but this was removed earlier this year: trac.webkit.org/changeset/243433/webkit.

Would anyone from WebKit like to express support or objection to the Blink I2I?

Contact us to advertise here
# Maciej Stachowiak (16 hours ago)

Thanks for asking for our input. I’ve discussed this with experts on this area at Apple. WebKit does not currently support registerProtocolHander and likely will not. It’s a powerful capability, and hard to use sensibly in practice (except perhaps the mailto: scheme in particular). Even opening a URL with a custom URL scheme is a dangerous powerful capability that we’ve gated with a permission in Safari (in addition to banning specific extra-dangerous schemes). Apple’s Universal Links and Android App Links seem like a better technical solution for links that link sometimes to websites and sometimes to native apps.

All that said, if registerProtocolHandler is implemented at all, it seems better to limit it to secure contexts. It might be worth reviewing what schemes get registered to see if it’s possible to limit to a very short known-safe list.

Want more features?

Request early access to our private beta of readable email premium.