Hi Rick, On 13/5/22 16:21, Rick Byers wrote: > Cool! Thank you for making more of the platform testable in WPT! > > Has there been any discussion in the HTML spec community of making > registerProtocolHandler an official "powerful feature > <https://w3c.github.io/permissions/#powerful-features>"? Will doing so > also have web visible implications via permissions policy > <https://w3c.github.io/webappsec-permissions-policy/>? >
I've just started the discussion, both at the level of WPT [1] and in the html spec [2], but still not much feedback. Honestly, I've started this journey just trying to improve the feature's testing, but the issue has growth so that we have now the opportunity to evolve the registerProtocolHandler feature itself. In any case, I think the goal is worth the effort, so that's why I've sent the intent. IMHO, with the "powerfull feature" definition in mind "is a web platform feature (usually an API) for which a user gives express permission <https://www.w3.org/TR/permissions/#dfn-express-permission> before the feature can be used" the registerProtocolHandler should be considered as such. I'd really like to get feedback from people with more experience, but I really think user must grant permissions in all the cases before registering any protocol handler. Currently, the spec is a bit vague [3] on this regard, so I think we can improve a bit: "User agents may, within the constraints described, do whatever they like. A user agent could, for instance, prompt the user and offer the user the opportunity to add the site to a shortlist of handlers, or make the handlers their default, or cancel the request. User agents could also silently collect the information, providing it only when relevant to the user." I have to say that, for the time being, the intent is only for the Automated testing capabilities. It's not in my plans to implement the "request permission" [4] functionality. Currently in chrome we do have a PROTOCOL_HANDLER setting but we don't store any data; the requestProtocolHandler method just launch a prompt dialog to ask the user for permissions to proceed or not with the registration. I don't have plans to change that, for now. Regarding permissions policy, I admit I haven't considered it and I don't have experience with that spec, but now that you mention I guess it'd made sense to implement a permission policy for the Custom Handlers feature. -- javi [1] https://github.com/web-platform-tests/wpt/issues/26819 [2] https://github.com/whatwg/html/issues/7920 [3] https://html.spec.whatwg.org/multipage/system-state.html#custom-handlers [4] https://www.w3.org/TR/permissions/#requesting-more-permission -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/0e556a0f-1bce-d4c2-0d11-e88a87c19040%40igalia.com.
