Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What makes you believe they put it there on purpose? It appears to have a genuine (if insecure) purpose. Even the researcher's message on seclists implies he thought of it as a bug.


it's completely unneeded.

I can launch Steam games from my browser without any plugins.

https://developer.valvesoftware.com/wiki/Steam_browser_proto...


Well those games are not only sold through Steam you know so they still "needed" this feature to work without Steam.


Protocol handlers are a pretty shitty way of interfacing with desktop apps. There's no two-way communication and no error handling. Lots of potential screw-ups and incompatibility issues will/can happen. Sure, they don't require a browser plugin but that's about the only advantage.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: