The Web Applications Working Group has published Web Share API as a W3C Recommendation. This specification defines an API for sharing text, links and other content to an arbitrary destination of the user’s choice. The available share targets are not specified here; they are provided by the user agent. They could, for example, be apps, websites or contacts.

  • ollien@beehaw.org
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    While I haven’t read through the spec to see how they deal with this, my immediate thought upon seeing the JS snippets is how spam sites might use it. Similar to a MFA fatigue attack, it seems plausible to me you may use this API to get your spam shared by shoving the share menu on people’s faces repeatedly.

    • Nah, the share api just pops up the OS share dialog, if the user didn’t want that they can just close it, if they click a share target then when the share target usually asks for another confirmation click. It’s not likely the user will click three times accidentally.