Messenger Implementation for Webxdc Apps

This section describes requirements and guidance for messenger implementors to add support for their users to run and interact with webxdc apps. Webxdc apps are attached to a chat message using the container file format, and they can be "started" on all receiving devices of the chat message. Each such chat message constitutes a separate "webxdc app". The same webxdc container file shared in two separate chat messages will be regarded as two separate "webxdc apps" and the two apps can not communicate with, or even know about, each other.

Webview Constraints for Running Apps

When starting a web view for a webxdc app to run, messenger implementors:

  • MUST run the webxdc container file in a constrained, network-isolated webview that MUST deny all forms of internet access. If you don't do this unsuspecting users may leak data of their private interactions to outside third parties. You do not need to offer "privacy" or "cookie" consent screens as there is no way a webxdc app can implicitly transfer user data to the internet.

  • MUST allow unrestricted use of DOM storage (local storage, indexed db and co), but make sure it is scoped to each webxdc app so they can not delete or modify the data of other webxdc content.

  • MUST inject webxdc.js and implement the Webxdc Javascript API so that messages are relayed and shown in chats.

  • MUST make sure the standard JavaScript API works as described at Other APIs and Tags Usage Hints.

In "Bringing E2E privacy to the web" Delta Chat developers discuss the unique privacy guarantees of webxdc, and which mitigations messengers using Chromium webviews need to implement to satisfy them.

UI Interactions in Chats

  • Text from update.info SHOULD be shown in the chats and tapping them should jump to their webxdc message

  • The most recent text from update.document and update.summary SHOULD be shown inside the webxdc message, together with name and icon. Only one line of text SHOULD be shown and truncation is fine as webxdc devs SHOULD NOT be encouraged to send long texts here.

  • A "Start" button SHOULD run the webxdc app.

Example Messenger Implementations