registerProtocolHandler from non-secure contexts (removed)
HTML's registerProtocolHandler() gives a webpage a mechanism to register itself to handle a protocol after a user consents. For example, a web-based email application could register to handle the mailto: scheme. A corresponding unregisterProtocolHandler() API allows a site to abandon its protocol-handling registration.
These two APIs expose a powerful capability (reconfigures client state, subsequently transmits potentially-sensitive data over the network) thus they should only be exposed in secure contexts.
Status in Chromium
Removed (tracking bug) in:
- Chrome for desktop release 80
- Chrome for Android release 80
Consensus & Standardization
Last updated on 2019-11-21