Chrome 110 Changes How Web Share API Embeds Third Party Content

Chrome 110, scheduled to roll out on February 7, 2022, accommodates a change to the way it handles the Net Share API that improves privateness and safety by requiring a the Net Share API to explicitly enable third-party content material.

This may not be one thing that a person writer must act on.

It’s most likely extra related on the developer aspect the place they’re making issues like internet apps that use the Net Share API.

Nonetheless, it’s good to know what it’s for the uncommon state of affairs when it may be helpful for diagnosing why a webpage doesn’t work.

The Mozilla developer web page describes the Web Share API:

“The Net Share API permits a web site to share textual content, hyperlinks, recordsdata, and different content material to user-selected share targets, using the sharing mechanisms of the underlying working system.

These share targets sometimes embody the system clipboard, electronic mail, contacts or messaging purposes, and Bluetooth or Wi-Fi channels.

…Word: This API shouldn’t be confused with the Net Share Goal API, which permits an internet site to specify itself as a share goal”

enable=”web-share” Attribute

An attribute is an HTML markup that modifies an HTML aspect not directly.

For instance, the nofollow attribute modifies the <a> anchor aspect, by signaling the major search engines that the hyperlink isn’t trusted.

The <iframe> is an HTML aspect and it may be modified with the enable=”web-share” attribute

An <iframe> permits a webpage to embed HTML, often from one other web site.

Iframes are in all places, equivalent to in ads and embedded movies.

The issue with an iframe that accommodates content material from one other web site is that it creates the potential for exhibiting undesirable content material or enable malicious actions.

And that’s the issue that the enable=”web-share” attribute solves by setting a permission coverage for the iframe.

This particular permission coverage (enable=”web-share”) tells the browser that it’s okay to show third get together content material from inside an iframe.

Google’s announcement makes use of this instance of the attribute in use:

<iframe enable="web-share" src="https://third-party.instance.com/iframe.html"></iframe>

Google calls this a “a doubtlessly breaking change within the Net Share API.”

The announcement warns:

“If a sharing motion must occur in a third-party iframe, a latest spec change requires you to explicitly enable the operation.

Do that by including an enable attribute to the <iframe> tag with a worth of web-share.

This tells the browser that the embedding web site permits the embedded third-party iframe to set off the share motion.”

Learn the announcement at Google’s Chrome webpage:

New requirements for the Web Share API in third-party iframes

Featured picture by Shutterstock/Krakenimages.com