The Web Applications Working Group has published Web Share API as a W3C Recommendation. This specification defines an API for sharing text, links and other content to an arbitrary destination of the user’s choice. The available share targets are not specified here; they are provided by the user agent. They could, for example, be apps, websites or contacts.

  • While I haven’t read through the spec to see how they deal with this, my immediate thought upon seeing the JS snippets is how spam sites might use it. Similar to a MFA fatigue attack, it seems plausible to me you may use this API to get your spam shared by shoving the share menu on people’s faces repeatedly.