On Fri, May 13, 2022 at 11:17 AM Javier Fernandez <[email protected]> wrote:
> Hi Rick,
>
> On 13/5/22 16:21, Rick Byers wrote:
>
> > Cool! Thank you for making more of the platform testable in WPT!
> >
> > Has there been any discussion in the HTML spec community of making
> > registerProtocolHandler an official "powerful feature
> > <https://w3c.github.io/permissions/#powerful-features>"? Will doing so
> > also have web visible implications via permissions policy
> > <https://w3c.github.io/webappsec-permissions-policy/>?
>
> I've just started the discussion, both at the level of WPT [1] and in the
> html spec [2], but still not much feedback.
>
> Honestly, I've started this journey just trying to improve the feature's
> testing, but the issue has grown so that we now have the opportunity to
> evolve the registerProtocolHandler feature itself. In any case, I think the
> goal is worth the effort, so that's why I've sent the intent.
>
> IMHO, with the "powerful feature" definition in mind, "is a web platform
> feature (usually an API) for which a user gives express permission
> <https://www.w3.org/TR/permissions/#dfn-express-permission> before the
> feature can be used", the registerProtocolHandler should be considered as
> such. I'd really like to get feedback from people with more experience, but
> I really think the user must grant permissions in all cases before
> registering any protocol handler. Currently, the spec is a bit vague [3] in
> this regard, so I think we can improve a bit:
>
> "User agents may, within the constraints described, do whatever they like.
> A user agent could, for instance, prompt the user and offer the user the
> opportunity to add the site to a shortlist of handlers, or make the
> handlers their default, or cancel the request. User agents could also
> silently collect the information, providing it only when relevant to the
> user."
>
> I have to say that, for the time being, the intent is only for the
> Automated testing capabilities. It's not in my plans to implement the
> "request permission" [4] functionality. Currently in Chrome we do have a
> PROTOCOL_HANDLER setting but we don't store any data; the
> requestProtocolHandler method just launches a prompt dialog to ask the user
> for permissions to proceed or not with the registration. I don't have plans
> to change that, for now.
>
> Regarding permissions policy, I admit I haven't considered it and I don't
> have experience with that spec, but now that you mention it, I guess it'd
> make sense to implement a permission policy for the Custom Handlers feature.

Thanks, that all makes sense! If it's ultimately just a webdriver change, then I'm not sure if an 'intent to ship' is even necessary. @Philip Jägenstedt <[email protected]> would know.

And certainly I didn't mean to imply that you should integrate with permission policy etc., I was just trying to understand the scope of the web platform exposure. I can see how this may or may not really match what we normally think of as 'permissions'. @Ian Clelland <[email protected]> could probably advise. Even if integration with the 'powerful feature' definition is the "right" thing to do, it may not be worth the effort to do it when the most important thing is just getting some automated test coverage...

> --
> javi
>
> [1] https://github.com/web-platform-tests/wpt/issues/26819
> [2] https://github.com/whatwg/html/issues/7920
> [3] https://html.spec.whatwg.org/multipage/system-state.html#custom-handlers
> [4] https://www.w3.org/TR/permissions/#requesting-more-permission
