emacs-orgmode
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [BUG] org-manual: Using bookmarklet for org-capture is no longer rel


From: Max Nikulin
Subject: Re: [BUG] org-manual: Using bookmarklet for org-capture is no longer reliable
Date: Tue, 31 Jan 2023 19:20:59 +0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2

On 31/01/2023 15:11, Charles Philip Chan wrote:
I have been using this org-protocol addon[1] for more than a year and it has
been rock solid for me. According to the author, bookmarklets are getting less
and less useful because CSP (Content Security Policy) blocking them on many
sites (for example Github)[2].

Thank you for the reminder. Using an add-on to extract metadata, I have never tried if bookmarklets are affected by CSP.

I think, we assume different definitions of "rock solid". Does it able to detect that desktop configuration of org-protocol is broken and to notify the user about failure? I do not use :immediate-finish templates, but some people do. There is a risk to quietly lost captures. I do not see other ways to detect errors besides a native messaging helper application.

(info "(org) Template elements") https://orgmode.org/manual/Template-elements.html

[2]  https://github.com/vifon/org-protocol-for-firefox

This extension uses browser.tabs.update method to launch external protocol handler. Perhaps in some cases it is better than assigning window.location.href from a content script like in older

https://github.com/sprig/org-capture-extension/

however I have seen issues with both methods. It is a grey zone and it is hard to predict which one will be more reliable in next versions of browsers. Actually some people believe that even mailto: was a hack, it is not a resource identifier as it can be expected from URI

https://github.com/w3c/web-share/blob/main/docs/explainer.md#why-not-make-a-share-uri-scheme-like-mailto-instead-of-a-javascript-api
https://github.com/chromium/ballista/issues/21
Expand on why registerProtocolHandler and registerProtocolHandler are a hack
The question I have to ask myself, though, is if we were designing
mailto: today, would we do it the same way? And I think the answer is
"no, mailto: is and always was a hack, because we didn't have JavaScript".

So we should not expect that org-protocol: will work reliably in browsers. Position of a firefox developers concerning external handlers for custom protocols:

Bug 1744018 - External scheme handler launched by an add-on can be blocked despite user action
https://bugzilla.mozilla.org/show_bug.cgi?id=1744018#c16
Pairing the extension with a native application and use the
nativeMessaging API seems a better fit for the use case you are describing



reply via email to

[Prev in Thread] Current Thread [Next in Thread]