Re: [BUG] org-manual: Using bookmarklet for org-capture is no longer reliable

[Max Nikulin]

On 31/01/2023 15:11, Charles Philip Chan wrote:
> I have been using this org-protocol addon[1] for more than a year and it has
> been rock solid for me. According to the author, bookmarklets are getting less
> and less useful because CSP (Content Security Policy) blocking them on many
> sites (for example Github)[2].

Thank you for the reminder. Using an add-on to extract metadata, I have 
never tried if bookmarklets are affected by CSP.

I think, we assume different definitions of "rock solid". Does it able 
to detect that desktop configuration of org-protocol is broken and to 
notify the user about failure? I do not use :immediate-finish templates, 
but some people do. There is a risk to quietly lost captures. I do not 
see other ways to detect errors besides a native messaging helper 
application.

(info "(org) Template elements") 
https://orgmode.org/manual/Template-elements.html

> [2]  https://github.com/vifon/org-protocol-for-firefox

This extension uses browser.tabs.update method to launch external 
protocol handler. Perhaps in some cases it is better than assigning 
window.location.href from a content script like in older

https://github.com/sprig/org-capture-extension/

however I have seen issues with both methods. It is a grey zone and it 
is hard to predict which one will be more reliable in next versions of 
browsers. Actually some people believe that even mailto: was a hack, it 
is not a resource identifier as it can be expected from URI

https://github.com/w3c/web-share/blob/main/docs/explainer.md#why-not-make-a-share-uri-scheme-like-mailto-instead-of-a-javascript-api
https://github.com/chromium/ballista/issues/21
Expand on why registerProtocolHandler and registerProtocolHandler are a hack
> The question I have to ask myself, though, is if we were designing
> mailto: today, would we do it the same way? And I think the answer is
> "no, mailto: is and always was a hack, because we didn't have JavaScript".

So we should not expect that org-protocol: will work reliably in 
browsers. Position of a firefox developers concerning external handlers 
for custom protocols:

Bug 1744018 - External scheme handler launched by an add-on can be 
blocked despite user action
https://bugzilla.mozilla.org/show_bug.cgi?id=1744018#c16
> Pairing the extension with a native application and use the
> nativeMessaging API seems a better fit for the use case you are describing