# Add a proper registry of apps that can accept URLs from Safari, recognized by an Info.plist key, and add a “Share” or “Send To” panel to Safari that allows users to easily send the current page’s URL to any capable apps.
Not exploitable as far as I can see; this is a mechanism which already exists through the scheme-based dispatch iOS already has (and uses). Safari would simply be extended to dispatch to third-party applications registered against the `http` scheme. Worst thing that can happen is boatloads of applications claiming to handle `http` making for a piss-poor user experience.
As far as I'm concerned this would be the best solution by far (for that issue): it only requires pretty minor changes (technically speaking, the UI/UX issues are bigger), uses existing and well-understood mechanisms, and only touches Safari.
# Add a public iOS API method for apps to prompt users to add a bookmark to Mobile Safari [or] add a Safari-handled URL scheme that apps can invoke to prompt users to add a bookmark
Would be OS-protected APIs, probably with some kind of warnings. Of course users don't read warnings, but the exploitability level would still be pretty low. This is also in-app, with mostly trusted stuff.
# A less-desirable (but still helpful) alternative would be to make the Address field editable in the Add Bookmark sheet for new, unsaved bookmarks. Currently, it’s only editable on edits of existing bookmarks, necessitating many extra steps in this process.
Not exploitable, simply avoids wasting time but clutters the UI.
# Alternately, allowing window.location.href to be set to a javascript: URL, and then having that be the logical URL added when someone taps Add Bookmark
Small privacy issue: because the user has no way to know whether what was bookmarked was a regular URL or a bookmarklet, it can be any arbitrary bookmarklet at any time and let the originally bookmarked site know what the active page was when it got activated.
# window.external.AddFavorite(url, title)
From reading on the API, it seems fairly well protected (only accepts http, https or ftp schemes, title is cleaned up thoroughly before registration) and it prompts for addition instead of adding straight. I don't really see how you could exploit that; on the other hand, in that state it's useless for Marco's purposes (can't set javascript:) and it lets you spam the user with infinite requests for favs. Annoying but not downright dangerous.
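The scheme allowlist and title clean-up described for `AddFavorite` can be sketched as a check that runs before any "add bookmark" prompt is shown. This is an added example, not part of the original comment and not Safari's or Internet Explorer's code; the names `ALLOWED_SCHEMES`, `MAX_TITLE`, `sanitizeTitle` and `vetBookmarkRequest`, the title rules and the length cap are assumptions.

```javascript
// Added illustration; not any browser's real implementation.
// All names and the title rules below are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "ftp:"]);
const MAX_TITLE = 128; // assumed cap on the stored title

// Replace control and bidi-override characters, collapse whitespace, cap length.
function sanitizeTitle(raw) {
  return String(raw)
    .replace(/[\u0000-\u001f\u007f-\u009f\u200e\u200f\u202a-\u202e\u2066-\u2069]/g, " ")
    .replace(/\s+/g, " ")
    .trim()
    .slice(0, MAX_TITLE);
}

// Decide on the scheme the URL parser reports, not on a string prefix:
// the WHATWG parser strips leading spaces and embedded tabs/newlines, so
// "java\tscript:..." parses as javascript: even though it does not
// start with the literal text "javascript:".
function vetBookmarkRequest(rawUrl, rawTitle) {
  let parsed;
  try {
    parsed = new URL(rawUrl); // no base URL: relative input throws
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: "scheme " + parsed.protocol };
  }
  // Fall back to the host name if nothing printable is left in the title.
  const title = sanitizeTitle(rawTitle) || parsed.hostname;
  return { ok: true, url: parsed.href, title };
}

// Constructed sample requests, including obfuscated javascript: URLs.
const samples = [
  ["https://example.com/a", "  Hello\n\tWorld "],
  ["java\tscript:alert(1)", "Looks harmless"],
  [" JavaScript:void(0)", "Looks harmless"],
  ["ftp://files.example.org/pub", "\u0000"],
  ["example.com", "No scheme"],
];
for (const [url, title] of samples) {
  console.log(JSON.stringify(url), "->", JSON.stringify(vetBookmarkRequest(url, title)));
}
```

A filter like this also rules out the bookmarklet use case, which is the limitation noted above.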