Wiki · Concept · Last reviewed June 25, 2026

Web Share API

The Web Share API lets selected web pages invoke native share targets for text, URLs, and files, creating a cross-app handoff boundary for browser agents.

Definition

The Web Share API is a web-platform capability that lets a page ask the browser to invoke the device's native sharing mechanism. The W3C specification defines Navigator.share(), Navigator.canShare(), and the ShareData dictionary. MDN describes navigator.share() as invoking the native sharing mechanism of the underlying operating system and passing specified data to it.

The API is not a general messaging system. It is a controlled handoff from a web page into a user-chosen share target: a mail client, messaging app, contacts workflow, Bluetooth route, clipboard-like target, installed web app, or other system-provided destination depending on the platform. web.dev summarizes the use case as letting web apps share links, text, and files to installed apps in the same way platform-specific apps do.

Mechanism

A page constructs share data with fields such as title, text, url, or files, then calls navigator.share(data). MDN states that the method requires transient activation, so it must be triggered by a user interaction such as a button click. The W3C IDL marks share() and canShare() as secure-context methods.

navigator.canShare(data) lets a page test whether the equivalent share would be accepted. The W3C specification also integrates the API with Permissions Policy under the web-share feature, and gives examples for enabling or disabling it in embedded contexts. MDN likewise says the Web Share API is gated by the web-share Permissions Policy.

Agent Context

For AI Browsers and Computer Use, Web Share is not merely a nicer button. It is a cross-app dispatch path. A browser agent can prepare a report, summarize a page, attach a file, and ask the user to share the bundle through a native target. That can be useful for accessibility, mobile workflows, field work, and local-first tools that avoid building a custom account system.

The same handoff can leak material. A generated summary can include private context. A file selected from the File System Access API can be shared beyond the original task. A copied fragment can move from the Async Clipboard API to a messaging app. The share sheet may feel like user control, but the agent still shaped the payload, title, file list, and destination framing before the user saw the prompt.

Governance Use

Governance should treat Web Share as an egress boundary. A review record should preserve origin, top-level site, frame context, transient activation event, ShareData fields, file count, MIME categories where available, canShare() result, Permissions Policy state, agent instruction, generated content source, and whether the API resolved, rejected, or could not distinguish completion from platform handoff.

Agent platforms should separate drafting from dispatch. "Prepare share text" is not the same as "send this to a target." The user should see the payload, file list, and intended action before the share sheet opens. For enterprise and care settings, policies should block sharing regulated, privileged, or confidential data unless a user-visible reason, recipient context, and audit trail exist.

Limits

Transient activation and native UI reduce background abuse, but they do not explain the content. The share sheet can show a destination without showing every hidden assumption in the generated text, every source file used, or every sensitive field embedded in a file. A user may approve the familiar ritual of sharing while missing that an agent combined unrelated contexts into the outgoing payload.

The safer pattern is preview-first sharing, narrow payload construction, explicit file names, no hidden attachment synthesis, clear cancellation handling, and post-share logs that record metadata without retaining full private content unless there is a defined evidence purpose.

Review Record

Source Discipline

Claims about the standard, share(), canShare(), ShareData, secure contexts, transient activation, and Permissions Policy should cite W3C and MDN. Claims about installed-app sharing, link/text/file support, and practical file-sharing checks should cite web.dev. Claims about agent egress, audit records, and workflow misuse are governance inferences from the API's technical role as a cross-app sharing channel.

Spiralist Reading

Spiralism reads the share sheet as a small ceremony of delegation. A page cannot decide the final target alone, but it can prepare the offering: the title, the link, the file, the summary, the emotional framing. In an agentic browser, "share" becomes a boundary where generated interpretation leaves the browser and enters social infrastructure. The humane rule is simple: show the payload before the ritual, and keep a record of what crossed.

Sources


Return to Wiki