Blocking custom schemes creates a usability conundrum for users

Originator: jalkut
Number: rdar://29662794
Date Originated: 14-Dec-2016 12:25 PM
Status: Open
Resolved:
Product: Safari
Product Version: Version 10.0.2 (12602.3.12.0.1)
Classification: UI/Usability
Reproducible: Always
 
Summary:
Starting in macOS 10.12.2, Safari is more active about preventing custom schemes from launching pertinent applications. This applies not only to custom schemes invoked from web content, but also from user-installed Bookmark Bar links.

Bookmarklets are sometimes used to facilitate an ease of workflow between the web and native apps. My app, MarsEdit, offers such a bookmarklet to users, so that they can easily open a new blog post draft based on the current page and selected content in Safari.

The particular workflow accommodated by this is stymied by having to repeatedly confront a permissions panel in Safari, every time the bookmarklet is used.

It would be good if there were some way of whitelisting schemes or, better yet, providing an option to users to "Always Allow" opening a particular application.

The argument for allowing users to open specific applications is greater for bookmarklets, because the user is likely to have manually installed the bookmarklet in order to accommodate a certain workflow.

Steps to Reproduce:
1. Download MarsEdit: https://red-sweater.com/
2. Launch the app (you can skip configuring a blog).
3. Select MarsEdit -> Install Browser Bookmarklet from the menu bar at the top of the screen.
4. Drag the "Send to MarsEdit" link from the page in Safari, to the Bookmark Bar.
5. Navigate to any page on the web.
6. Click the "Send to MarsEdit" bookmarklet.

If you don't want to download the app, just put this bookmarklet code in a bookmarklet:

javascript:var%20baseUrl%20=%20'marsedit:';%20var%20url%20=%20baseUrl;var%20title%20=%20document.title;%20url%20=%20url%20+%20'title='%20+%20encodeURIComponent%20(title);%20var%20currentUrl%20=%20document.location.href;%20url%20=%20url%20+%20'&url='%20+%20encodeURIComponent%20(currentUrl);%20var%20selectedText;%20selectedText%20=%20getSelection%20();%20if%20(selectedText%20!=%20'')%20url%20=%20url%20+%20'&text='%20+%20encodeURIComponent%20(selectedText);document.location.href=url;

Expected Results:
Some means of suppressing the warning panel being displayed every single time.


Actual Results:
The user must click through the tedious panel in order to complete the action.

Version:
10.12.2 (16C67)
Version 10.0.2 (12602.3.12.0.1) 

Notes:


Configuration:


Attachments:

Comments

Safari Extensions also affected

I have a Safari Extension that rewrites URLs by substituting the scheme for one that my native application registers. This results in the same issue. Haven't filed a bug yet because my Extension is not in the Safari Extension Gallery and am waiting to see if (a) it is accepted, (b) it fixes the issue. The next step will be to try a Safari App Extension:

https://developer.apple.com/library/content/documentation/NetworkingInternetWeb/Conceptual/SafariAppExtension_PG/index.html

Safari App Extension is the solution

I have implemented a Safari App Extension which does a very similar thing and that does cause the user to be prompted every time.

However, Safari App Extensions are not available on OS X 10.10 Yosemite and there is no workaround that I know of. rdar://29832579

