| CARVIEW |
Web Share API
W3C First Public Working Draft
- This version:
- https://www.w3.org/TR/2019/WD-web-share-20191217/
- Latest published version:
- https://www.w3.org/TR/web-share/
- Latest editor's draft:
- https://w3c.github.io/web-share/
- Test suite:
- https://w3c-test.org/web-share/
- Editor:
- Matt Giuca (Google Inc.)
- Participate:
- GitHub w3c/web-share
- File a bug
- Commit history
- Pull requests
- Browser support:
- caniuse.com
Copyright © 2019 W3C® (MIT, ERCIM, Keio, Beihang). W3C liability, trademark and permissive document license rules apply.
Abstract
This specification defines an API for sharing text, links and other content to an arbitrary destination of the user's choice.
The available share targets are not specified here; they are provided by the user agent. They could, for example, be apps, websites or contacts.
Status of This Document
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.
This is a work in progress. Wide review and feedback welcome.
This document was published by the Web Applications Working Group as a First Public Working Draft. This document is intended to become a W3C Recommendation.
GitHub Issues are preferred for discussion of this specification.
Publication as a First Public Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
This document is governed by the 1 March 2019 W3C Process Document.
1. Usage Examples
This section is non-normative.
This example shows a basic share operation. In response to a button click, this JavaScript code shares the current page's URL.
shareButton.addEventListener("click", async () => {
try {
await navigator.share({ title: "Example Page", url: "" });
console.log("Data was shared successfully");
} catch (err) {
console.error("Share failed:", err.message);
}
});
Note that a url'' refers to the current page URL,
just as it would in a link. Any other absolute or relative URL can also
be used.
In response to this call to share(), the user agent would
display a picker or chooser dialog, allowing the user to select a
target to share this title and the page URL to.
2. API definition
2.1
Extensions to the Navigator interface
partial interface Navigator {
[SecureContext] Promise<void> share(optional ShareData data = {});
};
User agents that do not support sharing SHOULD NOT expose
share() on the Navigator interface.
share() is present, there is a reasonable expectation
that it will work and present the user with at least one share
target. Clients can use the presence or absence of this method to
determine whether to show UI that triggers its use.
2.1.1 Internal Slots
This API adds the following internal slot to the Navigator
-
Promise? [[sharePromise]] -
The
[[sharePromise]]is a promise that represents a user's current intent to share some data with a share target. It is initialized tonull.
2.1.2
share() method
When the share() method is called with argument
data, run the following steps:
- If
[[sharePromise]]is notnull, return a promise rejected withInvalidStateError. - If none of data's members
titletexturlTypeError. - If data's
url- Let base be the this value's relevant settings object's api base URL.
- Let url be the result of running the URL
parser on data's
url - If url is failure, return a promise rejected with
TypeError. - Set data to a copy of data, with its
url
- If the relevant global object of this does not have
transient activation, return a promise rejected with
with a "
NotAllowedError"DOMException. - Set
[[sharePromise]]to be a new promise. - Return
[[sharePromise]]and in parallel:- If there are no share targets available:
-
Reject
[[sharePromise]]with an "AbortError"DOMException. - Set
[[sharePromise]]tonull. - Abort these steps.
-
Reject
- Present the user with a choice of one or more share targets, selected at the user agent's discretion. The user MUST be given the option to cancel rather than choosing any of the share targets. Wait for the user's choice.
- If the user chose to cancel the share operation:
-
Reject
[[sharePromise]]with an "AbortError"DOMException, - Set
[[sharePromise]]tonull. - Abort these steps.
-
Reject
- Activate the chosen share target, convert data to a format suitable for ingestion into the target, and transmit the converted data to the target.
- If an error occurs starting the target or transmitting the
data:
-
Reject
[[sharePromise]]with an "DataError"DOMException. - Set
[[sharePromise]]tonull. - Abort these steps.
-
Reject
- Once the data has been successfully transmitted to the
target, resolve
[[sharePromise]]withundefined. - Set
[[sharePromise]]tonull.
- If there are no share targets available:
The user agent MUST NOT allow the website to learn which share targets are available, or the identity of the chosen target.
share() always shows some form of UI, to give the
user a choice of application and get their approval to invoke and
send data to a potentially native application (which carries a
security risk). For this reason, user agents are prohibited from
showing any kind of "always use this target in the future" option,
or bypassing the UI if there is only a single share target.
2.2
ShareData dictionary
dictionary ShareData {
USVString title;
USVString text;
USVString url;
};
The ShareData dictionary consists of several optional
members:
-
textmember - Arbitrary text that forms the body of the message being shared.
-
titlemember - The title of the document being shared. May be ignored by the target.
-
urlmember - A URL string referring to a resource being shared.
urlhref on
an a element, before being given to the share target.
3. Share targets
A share target is the abstract concept of a destination that the user agent will transmit the share data to. What constitutes a share target is at the discretion of the user agent.
A share target might not be directly able to accept a ShareDataShareDataShareData
ShareDatatexturlShareData
Each share target MAY be made conditionally available depending on the
ShareDatashare() method.
share() method is "fire and forget"; it does
not wait for the target to approve or reject the payload.
3.1 Examples of share targets
This section is non-normative.
The list of share targets can be populated from a variety of sources, depending on the user agent and host operating system. For example:
- Built-in service (e.g., "copy to clipboard").
- Native applications written for the host operating system.
- Contacts (e.g., the user agent directly shares to a person from the user's address book, using a specific app).
- Websites (e.g., the user agent fills in a template URL with the
members of the
ShareData
In some cases, the host operating system will provide a sharing or intent system similar to Web Share. In these cases, the user agent can simply forward the share data to the operating system and not talk directly to native applications.
4. Security and privacy considerations
This section is non-normative.
Web Share enables data to be sent from websites to native applications. While this ability is not unique to Web Share, it does come with a number of potential security issues that can vary in severity (depending on the underlying platform).
- There is a requirement to not allow the website to learn which apps
are installed, or which app was chosen from
share(), because this information could be used for fingerprinting, as well as leaking details about the user's device. - Implementors will want to carefully consider what information is
revealed in the error message when
share()is rejected. Even distinguishing between the case where no targets are available and user cancellation could reveal information about which apps are installed on the user's device. - There is a requirement that
share()presents the user with a dialog asking them to select a target application (even if there is only one possible target). This surface serves as a security confirmation, ensuring that websites cannot silently send data to native applications. - Due to the capabilities of the API surface,
share()is available only in secure contexts (such ashttps://schemes). - Use of
share()from a private browsing mode might leak private data to a third-party application that does not respect the user's privacy setting. User agents could present additional warnings or disable the feature entirely when in a private browsing mode, but this is not mandated as the chooser UI could be considered sufficient warning. - The data passed to
share()might be used to exploit buffer overflow or other remote code execution vulnerabilities in native applications that receive shares. There is no general way to guard against this, but implementors will want to be aware that it is a possibility.
A. Extensibility of this API
This section is non-normative.
The Web Share API is designed to be extended in the future by way of
new members added to the ShareData
The three members titletexturlshare() need to accept all
three. Any new members that are added in the future will be
individually feature-detectable, to allow for
backwards-compatibility with older implementations that don't recognize
those members. These new members might also be added as optional "MAY"
requirements.
The share() method returns a rejected promise with a
TypeError if none of the specified members are present. The
intention is that when a new member is added, it will also be added to
this list of recognized members. This is for future-proofing
implementations: if a web site written against a future version of this
spec uses only new members (e.g.,
navigator.share({image: x})), it will be valid in future user agents,
but a TypeError on user agents implementing an older version of the
spec. Developers will be asked to feature-detect any new members they
rely on, to avoid having errors surface in their program.
Editors of this spec will want to carefully consider the genericity of any new members being added, avoiding members that are closely associated with a particular service, user agent or operating system, in favour of members that can potentially be applied to a wide range of platforms and targets.
B. Conformance
As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.
The key words MAY, MUST, MUST NOT, SHOULD, and SHOULD NOT in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
C. IDL Index
partial interfaceNavigator{ [SecureContext] Promise<void>share(optionalShareDatadata = {}); }; dictionaryShareData{ USVStringtitle; USVStringtext; USVStringurl; };
D. Acknowledgments
Thanks to the Web Intents team, who laid the groundwork for the web app interoperability use cases. In particular, Paul Kinlan, who did a lot of early advocacy for Web Share.
E. References
E.1 Normative references
- [html]
- HTML Standard. Anne van Kesteren; Domenic Denicola; Ian Hickson; Philip Jägenstedt; Simon Pieters. WHATWG. Living Standard. URL: https://html.spec.whatwg.org/multipage/
- [RFC2119]
- Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL: https://tools.ietf.org/html/rfc2119
- [RFC8174]
- Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. B. Leiba. IETF. May 2017. Best Current Practice. URL: https://tools.ietf.org/html/rfc8174
- [url]
- URL Standard. Anne van Kesteren. WHATWG. Living Standard. URL: https://url.spec.whatwg.org/
- [WebIDL]
- Web IDL. Boris Zbarsky. W3C. 15 December 2016. W3C Editor's Draft. URL: https://heycam.github.io/webidl/
E.2 Informative references
- [rfc2781]
- UTF-16, an encoding of ISO 10646. P. Hoffman; F. Yergeau. IETF. February 2000. Informational. URL: https://tools.ietf.org/html/rfc2781
- [rfc3629]
- UTF-8, a transformation format of ISO 10646. F. Yergeau. IETF. November 2003. Internet Standard. URL: https://tools.ietf.org/html/rfc3629