NEW 7412
Loading webpage spawns iTunes
https://bugs.webkit.org/show_bug.cgi?id=7412
Mark
Reported 2006-02-21 21:16:15 PST
Today I was looking for information on iPod specifications and saw an article on "iPod Diagnostic Mode" appear in my search results. I was curious to learn about this and clicked through on this link: http://www.methodshop.com/mp3/ipodsu...iagnosticmode/

The web page loaded, then automatically launched iTunes and took me to the store even though I'd not clicked on any links on the page itself!!!

This has the potential for damage, IMHO. Even if not, it is B.S. that just loading a site, without any input from me, can do more than pop up an annoying browser window: it launches another application!! See below for how Camino handles the same page; perhaps something along these lines is necessary, particularly given the recent uncovering of shell script/viral and worm-like things possibly affecting OS X???

P.S. I don't know enough about browsers to say whether this is related to JavaScript or Plug-Ins, or what...so forgive my guess to file it there and please refile or ignore as necessary..T

---------------

For comparison: Relaunched the web page looking at it in Camino. Unchecked the preference to block pop-up windows, and when I loaded the page the warning message came up:

"An external application must be launched to handle itms: links. ((displayed html link ...... )) If you were not expecting this request it may be an attempt to exploit a weakness in that other program. Cancel this request unless you are sure it is not malicious."

with option buttons to Cancel or Launch Application, and a check box to "Remember my choice for all links of this type".
Attachments
Reduction (367 bytes, text/html)
2006-07-06 04:51 PDT, Mark Rowe (bdash)
no flags
Alexey Proskuryakov
Comment 1 2006-05-02 04:54:41 PDT
FWIW, I don't see this behavior in Mac OS X 10.4.6, but maybe it's just the page that has changed.
Mark Rowe (bdash)
Comment 2 2006-07-06 04:51:05 PDT
Confirmed with WebKit 418.8 and r15138. Reduction coming right up.
Mark Rowe (bdash)
Comment 3 2006-07-06 04:51:37 PDT
Created attachment 9226: Reduction
Mark Rowe (bdash)
Comment 4 2006-07-06 04:56:31 PDT
I'm not entirely sure if this can be considered a bug. I think it may be desirable for URL schemes that launch external applications to require explicit user action, in a similar way that popups are blocked unless they come as a result of a user action. Changing this behaviour would break the "standard" links to iTunes Music Store as generated by http://www.apple.com/itunes/linkmaker/, but I'm sure a new method could be found to support that use case.
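The rule proposed in comment 4 (URL schemes that launch external applications require a user action, as pop-ups do), combined with the Camino prompt quoted in the report, as an added JavaScript model that is not WebKit, Camino or Firefox code. The class and function names, the scheme list and the sample URLs are assumptions made for illustration.

```javascript
// Added illustration of the policy discussed in this bug; not any browser's code.
// Schemes the browser handles itself (simplified list, an assumption);
// any other scheme is treated as handed to another application.
const IN_BROWSER_SCHEMES = new Set(["http", "https", "about"]);

function schemeOf(url, pageUrl) {
  try {
    // The URL parser lower-cases the scheme, so "ITMS://" and "itms://" match.
    return new URL(url, pageUrl).protocol.slice(0, -1);
  } catch (e) {
    return null; // not parseable as a URL
  }
}

class ExternalLaunchPolicy {
  constructor() {
    this.remembered = new Map(); // scheme -> "launch" | "cancel"
  }

  // nav = { url, pageUrl, userGesture }; userGesture is true only when the
  // navigation is the direct result of a click or key press (assumed input).
  decide(nav) {
    const scheme = schemeOf(nav.url, nav.pageUrl);
    if (scheme === null) return "cancel";
    if (IN_BROWSER_SCHEMES.has(scheme)) return "load";
    // "Remember my choice for all links of this type" wins over everything else.
    if (this.remembered.has(scheme)) return this.remembered.get(scheme);
    // Same rule as pop-up blocking: a gesture is consent, a page load is not.
    return nav.userGesture ? "launch" : "prompt";
  }

  // Record the user's answer to a prompt ("launch" or "cancel").
  answerPrompt(nav, choice, rememberForScheme) {
    const scheme = schemeOf(nav.url, nav.pageUrl);
    if (rememberForScheme && scheme !== null) this.remembered.set(scheme, choice);
    return choice;
  }
}

// Constructed sample navigations; example.test and the paths are placeholders.
const PAGE = "https://example.test/article.html";
const onLoad = { url: "itms://example.test/item", pageUrl: PAGE, userGesture: false };
const onClick = { url: "ITMS://example.test/item", pageUrl: PAGE, userGesture: true };
const relative = { url: "next.html", pageUrl: PAGE, userGesture: false };

const demoPolicy = new ExternalLaunchPolicy();
console.log(demoPolicy.decide(onLoad), demoPolicy.decide(onClick), demoPolicy.decide(relative));
```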
Mark
Comment 5 2006-07-06 10:13:51 PDT
(In reply to comment #4)
> I'm not entirely sure if this can be considered a bug. ... Changing this behaviour would break the
> "standard" links to iTunes Music Store as generated by http://www.apple.com/itunes/linkmaker/, but
> I'm sure a new method could be found to support that use case.

I may not be sophisticated enough to get your post--or whether you are for or against, so at the risk of being a blowhard: I don't really understand how you say it would "break" a "standard" behavior...the link maker is designed to make LINKS. To me, "Links" are things you click on to do something...not automated script behavior executing with zero user input. Loading and viewing a web page doesn't mean execute scripts willy nilly--that is BAD. It is intrusive to have pop-ups, but a different level entirely when scripts affect changes/behaviors outside of the app I'm using. ((This is so offensive to me...but that doesn't mean I am right either.))

I think the Firefox and Camino have it right: Remember whose machine it is, and let that person decide to follow the link/allow the script behavior. Just because Apple wishes to create a revenue stream potential doesn't mean that usurping the user's control in the process was what they had in mind. Strive to provide the user a warning per incident, or if you think that would be peeing in Apple's Cereal, perhaps a pref to require consents.

Do you really think that people should be buying through ITMS and profit going to referring sites that engage in this behavior? How many people would even realize what's happening? I'd rather launch ITMS myself and give all profit to them vs. some site that had nothing to do with music launching my player for sneaky credits. This probably wouldn't have bothered me as much if I'd been at a band's site and they "pushed" me there...but even at that, it is really wrong to do it without me CLICKING A LINK, PUSHING A BUTTON, etc.

-----

I don't know if the potential exists, but if this capability is there, what other apps, script behaviors, etc. could be set into motion without my consent for just loading/viewing a page??? Nip it in the bud!!!!
Mark Rowe (bdash)
Comment 6 2006-07-06 14:38:50 PDT
There isn't really a lot of opportunity for security problems as LaunchServices, the system component that determines which application handles a given URL, will not allow a program to be run without human intervention unless that application has been run before. At the most this bug is an annoyance, and I agree that it can be rather annoying at times.

As for my comment about the iTMS link maker -- it is unlikely that Apple will intentionally change their browser in such a way as to break the behaviour of another Apple product. As you note, it is somewhat different in that it *is* triggered by clicking a link, but the actual loading of the itms:// URL happens on load of a normal HTML page, and is thus no different from the reduction that I provided.
Ahmad Saleem
Comment 7 2022-07-24 16:03:51 PDT
I am able to reproduce this bug in Safari 15.6 on macOS 12.5 using the attached test case. Loading the test case opened the "Music" app (the new iTunes), and it didn't show any dialog box to warn like other browsers do (Chrome Canary 106 and Firefox Nightly 104). Thanks!
Radar WebKit Bug Importer
Comment 8 2022-07-25 09:07:19 PDT