Intent to Deprecate and Remove: navigation to filesystem: URLs in iframes

Skip to first unread message

Mike Taylor

Jun 2, 2022, 1:41:06 PMJun 2
to blink-dev, Marijn Kruisselbrink

Contact emails,


We propose to remove support for navigating to filesystem:// URLs in iframes.

Blink component



Render-initiated navigations to filesystem:// URLs are blocked in top-level frames, but are currently allowed in iframes. As part of the storage partitioning efforts, we propose to remove support for navigation to filesystem:// URLs in iframes. Preventing navigation in third-party contexts would be sufficient for our privacy goals, but as usage is almost non-existent, we believe removing support for navigation in iframes altogether is the better approach.

( may be useful to grok what any of this means.)

TAG review

N/A. This intent refers to a Chromium-only feature (which we’re trying to remove).


Interoperability and Compatibility

No other engine supports filesystem:// URLs, so we do not expect interoperability issues.

As for compatibility, usage is very, very low. Currently just above 0.0000008%. For this reason we would like to just remove it, without any deprecation period.

Gecko: N/A (not supported)

WebKit: N/A (not supported)

Web developers: No signals

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?



We currently send an error message to the console if you try to open a window to a filesystem:// URL - we will do something similar for iframes.

Is this feature fully tested by web-platform-tests?


Flag name


Requires code in //chrome?


Estimated milestones


Link to entry on the Chrome Platform Status

This intent message was generated by Chrome Platform Status.

Daniel Bratell

Jun 2, 2022, 2:20:40 PMJun 2
to Mike Taylor, blink-dev, Marijn Kruisselbrink

Well below our customary threshold level, and unlikely to be used in our blind spots (WebView, enterprise). I think it's safe to remove directly.



You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit

Yoav Weiss

Jun 3, 2022, 3:23:37 AMJun 3
to Daniel Bratell, Mike Taylor, blink-dev, Marijn Kruisselbrink

Rick Byers

Jun 3, 2022, 10:54:16 AMJun 3
to Yoav Weiss, Daniel Bratell, Mike Taylor, blink-dev, Marijn Kruisselbrink
I checked the WebView-specific UseCounter too and it's half that of the Android one. So yeah, it seems extremely unlikely to me that anyone will notice this - more like a bug-fix than a deprecation. LGTM3

Reply all
Reply to author
0 new messages