registerProtocolHandler from non-secure contexts (removed)

HTML's registerProtocolHandler() gives a webpage a mechanism to register itself to handle a protocol after a user consents. For example, a web-based email application could register to handle the mailto: scheme. A corresponding unregisterProtocolHandler() API allows a site to abandon its protocol-handling registration.

These two APIs expose a powerful capability (reconfigures client state, subsequently transmits potentially-sensitive data over the network) thus they should only be exposed in secure contexts.

Specification

Established standard

Status in Chromium

Blink>HTML>CustomHandlers


Removed (tracking bug) in:

  • Chrome for desktop release 80

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Owner

Last updated on 2020-06-22