As of Firefox 78, I intend to change `window.external.AddSearchProvider`
in Firefox to be a dummy function. This will be a preference switch
initially, with the original implementation code being removed fully in
Firefox 79.
/Status/:
*
The HTML Standard specifies this method
<https://html.spec.whatwg.org/multipage/obsolete.html#external>as
"must do nothing".
*
Internet Explorer: This feature was supported in IE7-9 but
deprecated in IE10+ and not present in Edge.
*
Chrome: Changed to no-op in 54.
*
Safari: No support.
Product: Mike Connor.
Bug to unship: Preference disable
<https://bugzilla.mozilla.org/show_bug.cgi?id=1632447>, Remove code and
preference <https://bugzilla.mozilla.org/show_bug.cgi?id=1632448>.
Reasons: `AddSearchProvider` allows adding OpenSearch providers from a
website page. This has been deprecated by the WHATWG, and IE and Chrome
no longer support it. As far as I know it has never been supported on
Mobile.
This API allows a website to put up unsolicited repeated prompts to
users. It is vulnerable to potential DoS
<https://bugzilla.mozilla.org/show_bug.cgi?id=615761>attacks
<https://bugzilla.mozilla.org/show_bug.cgi?id=1276704>.
For websites wanting to provide their own engines, the alternative is to
include the <link rel="search"> tag, or to provide their own add-ons
which add search engine providers.
Add-ons that use the API would no longer work. Of the two add-ons we
have found that use the API, they are both ways of adding custom search
engines. They both have small numbers of users. Whilst we acknowledge
this will remove some functionality for users, we would encourage users
to request that websites provide their own search integrations which
would have the advantage of being maintained by the website, and being
available to everyone.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
