
web: honor ui/download-file with confirmation and http(s) allowlist #1569

Description

@cliffhall

Summary

Honor ui/download-file requests from MCP App views: with user confirmation, either write an embedded resource (text/blob) to disk or open an http(s)-only resource_link in a new tab. Labels shown in the confirmation are sanitized.

Why

ui/download-file is part of the ext-apps host surface and is currently silently dropped, so widgets using it appear broken in the inspector.

Reference implementation (PR #1510)

Re-implement informed by these changes at 33fac3f:

Depends on

  • downloadFile.ts enhancements (library)
  • CSP enforcement + resource-error surfacing in the bridge factory (same file; land first)

Wave 2 lane — sequential with the other AppRenderer/AppsScreen issues.

Notes

  • Security posture: confirmation required; resource_link restricted to http(s) (no javascript:/data:/file:); sanitize any widget-supplied text shown in host UI.
  • Coverage gate ≥90 on all four dimensions.

Part of the PR #1510 decomposition (see tracking issue).
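
The checks listed under Notes, as an added TypeScript example (not code from PR #1510 or the inspector). `checkResourceLink`, `sanitizeLabel` and the `LinkDecision` type are hypothetical names, and the 80-character label cap is an assumption. The link is parsed with `URL` before the scheme is compared, so mixed case or embedded tabs in the scheme cannot slip past a string-prefix test.

```typescript
// Hypothetical helpers illustrating the issue's posture; not the project's API.
type LinkDecision =
  | { action: "confirm"; href: string; origin: string; label: string }
  | { action: "reject"; reason: string };

// Make widget-supplied text safe to show in the host's confirmation dialog.
function sanitizeLabel(text: string, maxLen: number = 80): string {
  const cleaned = text
    // Drop zero-width and bidi-override characters that can disguise a name.
    .replace(/[\u200b-\u200f\u202a-\u202e\u2066-\u2069\ufeff]/g, "")
    // Turn C0/C1 control characters (newlines included) into spaces.
    .replace(/[\u0000-\u001f\u007f-\u009f]/g, " ")
    .replace(/\s+/g, " ")
    .trim();
  // Truncate by UTF-16 code units; maxLen is an assumed cap.
  return cleaned.length > maxLen ? cleaned.slice(0, maxLen - 1) + "…" : cleaned;
}

// Decide whether a resource_link may be offered to the user at all.
function checkResourceLink(uri: string, name: string): LinkDecision {
  let url: URL;
  try {
    // No base URL is passed, so relative or scheme-relative input throws.
    url = new URL(uri);
  } catch {
    return { action: "reject", reason: "not an absolute URL" };
  }
  // url.protocol is normalized: lower-cased, tabs and newlines stripped.
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { action: "reject", reason: "scheme " + url.protocol + " not allowed" };
  }
  // The caller still has to ask the user; origin is shown next to the label.
  return {
    action: "confirm",
    href: url.href,
    origin: url.origin,
    label: sanitizeLabel(name) || url.hostname,
  };
}

// Constructed sample inputs.
const samples = ["HTTPS://Example.com/report.pdf", "java\tscript:void(0)",
  "data:text/plain,hi", "file:///tmp/x", "/relative/path"];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", checkResourceLink(s, "Report").action);
}
```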


Labels: v2 (Issues and PRs for v2)
