Intent to Deprecate and Remove: navigation to filesystem: URLs in iframes

[Mike Taylor]

Contact emails

mike...@chromium.org, m...@chromium.org

Summary

We propose to remove support for navigating to filesystem:// URLs in iframes.

Blink component

Blink>Storage>FileSystem

Motivation

Render-initiated navigations to filesystem:// URLs are blocked in top-level frames, but are currently allowed in iframes. As part of the storage partitioning efforts, we propose to remove support for navigation to filesystem:// URLs in iframes. Preventing navigation in third-party contexts would be sufficient for our privacy goals, but as usage is almost non-existent, we believe removing support for navigation in iframes altogether is the better approach.

(https://miketaylr.com/misc/filesystem-navigation.html may be useful to grok what any of this means.)

TAG review

N/A. This intent refers to a Chromium-only feature (which we’re trying to remove).

Risks

Interoperability and Compatibility

No other engine supports filesystem:// URLs, so we do not expect interoperability issues.

As for compatibility, usage is very, very low. Currently just above 0.0000008%. For this reason we would like to just remove it, without any deprecation period.

Gecko: N/A (not supported)

WebKit: N/A (not supported)

Web developers: No signals

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

No.

Debuggability

We currently send an error message to the console if you try to open a window to a filesystem:// URL - we will do something similar for iframes.

Is this feature fully tested by web-platform-tests?

No

Flag name

FileSystemUrlNavigation

Requires code in //chrome?

False

Estimated milestones

M105

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5816343679991808

This intent message was generated by Chrome Platform Status.

[Daniel Bratell]

Well below our customary threshold level, and unlikely to be used in our blind spots (WebView, enterprise). I think it's safe to remove directly.

LGTM1

/Daniel

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/84b7af7f-66fb-4874-0290-f0b22f51cb52%40chromium.org.

[Yoav Weiss]

LGTM2

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b9ca44ab-0655-8e86-a714-aad7ea463b25%40gmail.com.

[Rick Byers]

I checked the WebView-specific UseCounter too and it's half that of the Android one. So yeah, it seems extremely unlikely to me that anyone will notice this - more like a bug-fix than a deprecation. LGTM3

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfW5x6mzXJXAngGT1m82jEr3hTM_WPShKi4tnJLvGXgWKQ%40mail.gmail.com.

[Eric Melgaard]

This was heavily used in an enterprise product to play HTML content via iframes in a signage application.

Depreciation or preventing 3rd party access would have been appreciated since persistent storage owned by the application, should be accessible to the application. 

[Adrian Holmes]

Is it possible to disable this feature via the registry?  We're a digital signage company, and many of our clients use HTML apps which are stored in the filesystem and loaded via an iFrame as pointed out by Eric.

We are using Chrome Enterprise.

Many thanks

[Mike Taylor]

Hi Adrian,

Let me follow up off-list to understand your setup in more detail.

Thanks,
Mike

[Mike Taylor]

Hi Darius,

In https://bugs.chromium.org/p/chromium/issues/detail?id=1360512, this feature was re-enabled for Chrome Apps only (as we unfortunately broke some apps in that context :(). This feature should continue to work until Chrome Apps are removed.

thanks,
Mike

On 1/12/23 4:19 AM, Darius Iko wrote:

Hi Everyone,

Related to this removal of navigation to filesystem URL, there is a release notes in 104 probably related: https://support.google.com/chrome/a/answer/10314655#108&zippy=%2Cchrome:~:text=First%20mode%20feature.-,Block%20iframe%20contexts%20navigating%20to%20filesystem%3A%20URLs,-Beginning%20in%20Chrome

When I am using Chrome OS 104, I see that the webview and iframe tag cannot navigate to filesystem URL anymore, and this also happened on 104 105 106 107, but on Chrome OS 108, the webview and iframe tag can navigate to filesystem URL again. Is the navigation to filesystem allowed back on 108 and above ? May I know how is the future about the behavior of navigation to filesystem because I don't see anything related filesystem in the release notes of 108 ?

Thanks.

[Darius Iko]

Hi Everyone,

Related to this removal of navigation to filesystem URL, there is a release notes in 104 probably related: https://support.google.com/chrome/a/answer/10314655#108&zippy=%2Cchrome:~:text=First%20mode%20feature.-,Block%20iframe%20contexts%20navigating%20to%20filesystem%3A%20URLs,-Beginning%20in%20Chrome

When I am using Chrome OS 104, I see that the webview and iframe tag cannot navigate to filesystem URL anymore, and this also happened on 104 105 106 107, but on Chrome OS 108, the webview and iframe tag can navigate to filesystem URL again. Is the navigation to filesystem allowed back on 108 and above ? May I know how is the future about the behavior of navigation to filesystem because I don't see anything related filesystem in the release notes of 108 ?

Thanks.

On Friday, September 23, 2022 at 11:42:12 PM UTC+8 mike...@chromium.org wrote: