Hacker News new | past | comments | ask | show | jobs | submit login

> why the author says this is difficult to do securely? macOS has a simple facility for handling custom URL schemes

So does all other operating systems and this has been a thing for at least a couple of decades. This is not the problem.

The problem is that this feature is severely locked down in all modern browsers, precisely due to the security risks involved.

Relying on this feature in a critical user interaction path is a guaranteed way to get flooded with support-requests.

Disclaimer: have replaced custom protocol with other solution in end-user facing production projects.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact