- From: Adam Barth <w3c@adambarth.com>
- Date: Sun, 13 Jul 2014 19:26:33 -0700
- To: whatwg@whatwg.org
== Use Case ==
A web site wants to launch an external protocol handler. For example,
a web site might want to launch PuTTY via the "ssh" scheme.
== Workarounds ==
Currently developers launch external protocol handlers by creating
iframes with src attributes that point to the external protocol URLs.
Web developers aren't able to set window.location to the external
protocol URL because that cancels all in-progress network requests
(e.g., outstanding XMLHttpRequests). Unfortunately, we need to
maintain this behavior for compatibility.
== Why Now? ==
We've run into this issue because we've been tightening down Chrome's
mixed content policy. When we started blocking secure pages from
embedding insecure iframes, we broke web sites that were using iframes
to launch external protocol (see http://crbug.com/318788).
We could change out mixed content policy to blacklist only known
insecure URI schemes, but that isn't as secure as whitelisting known
secure URI schemes. Instead, it seems better to give web developers a
way to tell the browser what they want to do, which is to launch an
external protocol handler.
That, of course, raises the interesting question of how to handle the
case where the external protocol handler is registered by a web page
(e.g., WebPuTTY registering ssh via
navigator.registerProtocolHandler). The simplest thing is probably to
open the registered URL in a new tab because that's the most similar
to launching an external program to handle the URL.
== Proposal ==
partial interface NavigatorContentUtils {
void launchURL(DOMString url);
};
The launchURL() method requests that the User Agent launch the
protocol handler for the specified URL. If the User Agent itself is
the registered protocol handler for |url|, then the User Agent should
open the requested URL in a new browsing context in a new unit of
related browsing contexts.
Adam
Received on Monday, 14 July 2014 02:27:37 UTC