How secure is data passed via Custom Protocol Handler?

Asked Sep 09 '21 at 15:01

Active Jan 25 '22 at 09:09

Viewed 174 times

Let's say you set up a custom protocol handler to run an application with some startup data, right?

myapp:\\somedata

How secure is that data? I'm having trouble finding any resources talking about:

Do browsers cache this data?
Can other applications see this information get passed and how?

I've found resources talking about obvious problems, like attacking sites can abuse your protocol if they find you have one.

Otherwise, for developers looking to use their website to launch an app in this way, what do we need to be concerned about if we don't want anyone else seeing "somedata"? More specifically, how is the data accessible to attackers?

Any MDN or other official references would be much appreciated!

edited Jan 25 '22 at 09:09

ashleedawg

20,365
9
72
105

asked Sep 09 '21 at 15:01

elrobe

I found this post: https://security.stackexchange.com/questions/55726/are-custom-protocols-insecure. Unfortunately, that doesn't really tell me why or how "somedata" can be exposed. – elrobe Sep 09 '21 at 18:24

How secure is data passed via Custom Protocol Handler?

0 Answers0