Safelist protocol handlers for DWeb #3935
Description
This issue tracks safelisting of "ssb", "dat", "ipfs", "ipns" and "dweb" protocols within HTML spec.
Context
https://html.spec.whatwg.org/multipage/system-state.html#safelisted-scheme
This list can be changed. If there are schemes that ought to be added, please send feedback.
Motivation
Safelisted protocols do not require web+ prefix when redirect-based handler is registered via navigator.registerProtocolHandler. Additionally, browser vendors often reuse the safelist as the default for deciding which protocols can be handled by WebExtensions (example).
Safelisting DWeb protocols in HTML spec would make it possible for the community to start using non-HTTP DWeb addresses in the wild and provide users with HTTP-based gateways/readers even before native protocol handler API matures enough to be a part of WebExtensions.
Vendor Support
Historically there was the chicken and the egg problem with adding new protocols to the safelist, so it is important to emphasize that browser vendors are supportive to this change (see references below), and waiting for HTML spec.
- Firefox does not require
web+prefix for handlers registered vianavigator.registerProtocolHandler, so they effectively implement change proposed in this issue.- Mozilla also whitelisted (patch) DWeb protocols for use in WebExtension context (Firefox 59).
- Chromium is waiting (one of reasons why this issue got created), but there is intent to implement the change if HTML spec is supportive
References
- Current safelist in HTML spec
- Whitelisting discussion within DWeb community: Safelisting DWeb Protocols arewedistributedyet/arewedistributedyet#23
- Prototyping Native Protocol Handler API for WebExtensions: mozilla/libdweb#protocol-api