From e3bb6e2ad3ff07730d211e6d743054a2a0710ad4 Mon Sep 17 00:00:00 2001 From: GittyHarsha Date: Tue, 19 May 2026 15:35:29 +0530 Subject: [PATCH 1/4] Add SmartScreen as origin feature to TrustedOriginSetting spec Add COREWEBVIEW2_ORIGIN_FEATURE_SMART_SCREEN enum with documentation describing per-origin SmartScreen reputation check configuration. Update C++, .NET examples and MIDL3 enum to include SmartScreen. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- specs/TrustedOriginSetting.md | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/specs/TrustedOriginSetting.md b/specs/TrustedOriginSetting.md index 00395602d..246ffa741 100644 --- a/specs/TrustedOriginSetting.md +++ b/specs/TrustedOriginSetting.md @@ -62,6 +62,7 @@ This specification introduces the following interfaces: - AccentColor - EnhancedSecurityMode + - SmartScreen # Example @@ -88,10 +89,17 @@ void SetOriginFeatures() COREWEBVIEW2_ORIGIN_FEATURE_STATE_ENABLED, &enhancedSecuritySetting)); + wil::com_ptr smartScreenSetting; + CHECK_FAILURE(stagingProfile3->CreateOriginFeatureSetting( + COREWEBVIEW2_ORIGIN_FEATURE_SMART_SCREEN, + COREWEBVIEW2_ORIGIN_FEATURE_STATE_DISABLED, + &smartScreenSetting)); + // Set features for origin patterns ICoreWebView2StagingOriginFeatureSetting* features[] = { accentColorSetting.get(), - enhancedSecuritySetting.get() + enhancedSecuritySetting.get(), + smartScreenSetting.get() }; LPCWSTR origins[] = { L"https://*.contoso.com" }; @@ -154,6 +162,7 @@ public void SetOriginFeatures() { { CoreWebView2OriginFeature.AccentColor, CoreWebView2OriginFeatureState.Enabled }, { CoreWebView2OriginFeature.EnhancedSecurityMode, CoreWebView2OriginFeatureState.Enabled }, + { CoreWebView2OriginFeature.SmartScreen, CoreWebView2OriginFeatureState.Disabled }, }; // Set features for origin patterns @@ -203,6 +212,21 @@ typedef enum COREWEBVIEW2_ORIGIN_FEATURE { /// For more information about Enhanced Security Mode, see: /// https://learn.microsoft.com/en-us/microsoft-edge/webview2/concepts/security COREWEBVIEW2_ORIGIN_FEATURE_ENHANCED_SECURITY_MODE, + /// Specifies SmartScreen reputation check settings for the origin. + /// SmartScreen protects users from phishing and malware by checking navigated + /// URLs and downloaded files against a cloud-based reputation service. + /// By default, SmartScreen is enabled for all origins. Setting this feature to + /// `Disabled` for an origin will skip SmartScreen reputation checks for + /// navigations and downloads from that origin, effectively allow-listing it. + /// + /// This configuration operates within the scope of the global SmartScreen toggle + /// controlled by `ICoreWebView2Settings8.IsReputationCheckingRequired`. + /// When `IsReputationCheckingRequired` is `false` (SmartScreen globally + /// disabled), the SmartScreen check is not active and this + /// per-origin configuration has no effect. When `IsReputationCheckingRequired` + /// is `true` (the default), this per-origin configuration controls whether + /// individual origins are exempt from SmartScreen reputation checks. + COREWEBVIEW2_ORIGIN_FEATURE_SMART_SCREEN, } COREWEBVIEW2_ORIGIN_FEATURE; /// Specifies the state of the origin feature. @@ -234,7 +258,7 @@ interface ICoreWebView2StagingProfile3 : IUnknown { /// Configures one or more feature settings for the specified origins. /// /// This method applies feature configurations—such as accent color support, - /// or enhanced security mode—to origins. Origins + /// enhanced security mode, or SmartScreen reputation checking—to origins. Origins /// may be provided as exact origin strings or as wildcard patterns. /// /// The origin pattern can be an exact origin string or a wildcard pattern. @@ -336,6 +360,7 @@ namespace Microsoft.Web.WebView2.Core { AccentColor = 0, EnhancedSecurityMode = 1, + SmartScreen = 2, }; runtimeclass CoreWebView2OriginFeatureSetting From 60c61d5eff64aa954241a9b6a158c59ff9918688 Mon Sep 17 00:00:00 2001 From: GittyHarsha Date: Wed, 20 May 2026 05:06:21 +0530 Subject: [PATCH 2/4] Address PR review comments - Replace hardcoded ICoreWebView2Settings8 reference with link to IsReputationCheckingRequired docs, describe as per-WebView setting - Add security warning about disabling SmartScreen only for trusted origins - Restore COREWEBVIEW2_ORIGIN_FEATURE_STATE doc comment Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- specs/TrustedOriginSetting.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/specs/TrustedOriginSetting.md b/specs/TrustedOriginSetting.md index 246ffa741..ba61e68c7 100644 --- a/specs/TrustedOriginSetting.md +++ b/specs/TrustedOriginSetting.md @@ -219,9 +219,14 @@ typedef enum COREWEBVIEW2_ORIGIN_FEATURE { /// `Disabled` for an origin will skip SmartScreen reputation checks for /// navigations and downloads from that origin, effectively allow-listing it. /// - /// This configuration operates within the scope of the global SmartScreen toggle - /// controlled by `ICoreWebView2Settings8.IsReputationCheckingRequired`. - /// When `IsReputationCheckingRequired` is `false` (SmartScreen globally + /// \warning Disabling SmartScreen for an origin removes important security + /// protections. Only disable SmartScreen for fully trusted, app-controlled + /// origins where the content is known to be safe. + /// + /// This configuration operates within the scope of the per-WebView SmartScreen + /// setting controlled by + /// [IsReputationCheckingRequired](https://learn.microsoft.com/en-us/dotnet/api/microsoft.web.webview2.core.corewebview2settings.isreputationcheckingrequired). + /// When `IsReputationCheckingRequired` is `false` (SmartScreen /// disabled), the SmartScreen check is not active and this /// per-origin configuration has no effect. When `IsReputationCheckingRequired` /// is `true` (the default), this per-origin configuration controls whether From cc3a11998d8b92a43acf49abd3ed405ce00d9e8c Mon Sep 17 00:00:00 2001 From: GittyHarsha Date: Wed, 20 May 2026 05:29:17 +0530 Subject: [PATCH 3/4] Simplify SmartScreen doc: focus on effect, not IsReputationCheckingRequired internals Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- specs/TrustedOriginSetting.md | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/specs/TrustedOriginSetting.md b/specs/TrustedOriginSetting.md index ba61e68c7..8746299dc 100644 --- a/specs/TrustedOriginSetting.md +++ b/specs/TrustedOriginSetting.md @@ -219,18 +219,14 @@ typedef enum COREWEBVIEW2_ORIGIN_FEATURE { /// `Disabled` for an origin will skip SmartScreen reputation checks for /// navigations and downloads from that origin, effectively allow-listing it. /// - /// \warning Disabling SmartScreen for an origin removes important security - /// protections. Only disable SmartScreen for fully trusted, app-controlled - /// origins where the content is known to be safe. + /// Warning: Disabling SmartScreen for an origin bypasses phishing and malware + /// reputation checks. Only disable for fully trusted, app-controlled origins + /// where the content is known to be safe. /// - /// This configuration operates within the scope of the per-WebView SmartScreen - /// setting controlled by - /// [IsReputationCheckingRequired](https://learn.microsoft.com/en-us/dotnet/api/microsoft.web.webview2.core.corewebview2settings.isreputationcheckingrequired). - /// When `IsReputationCheckingRequired` is `false` (SmartScreen - /// disabled), the SmartScreen check is not active and this - /// per-origin configuration has no effect. When `IsReputationCheckingRequired` - /// is `true` (the default), this per-origin configuration controls whether - /// individual origins are exempt from SmartScreen reputation checks. + /// This per-origin configuration only takes effect when SmartScreen is + /// enabled. If SmartScreen is disabled via + /// [IsReputationCheckingRequired](https://learn.microsoft.com/en-us/dotnet/api/microsoft.web.webview2.core.corewebview2settings.isreputationcheckingrequired), + /// this setting has no effect. COREWEBVIEW2_ORIGIN_FEATURE_SMART_SCREEN, } COREWEBVIEW2_ORIGIN_FEATURE; From 516629f9d1688b34d0a333c2993e19df785629d5 Mon Sep 17 00:00:00 2001 From: GittyHarsha Date: Thu, 28 May 2026 20:00:59 +0530 Subject: [PATCH 4/4] Rename SmartScreen to ReputationChecking, add trailing comma Address PR review comments from oldnewthing and david-risney: - Rename SMART_SCREEN to REPUTATION_CHECKING throughout the spec to avoid marketing names and align with existing IsReputationCheckingRequired API terminology. - Add trailing comma in C++ example array for easier future updates. - Fix default state docs: unconfigured origins follow IsReputationCheckingRequired (not always Enabled). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- specs/TrustedOriginSetting.md | 45 ++++++++++++++++------------------- 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/specs/TrustedOriginSetting.md b/specs/TrustedOriginSetting.md index 8746299dc..df02d3958 100644 --- a/specs/TrustedOriginSetting.md +++ b/specs/TrustedOriginSetting.md @@ -62,7 +62,7 @@ This specification introduces the following interfaces: - AccentColor - EnhancedSecurityMode - - SmartScreen + - ReputationChecking # Example @@ -89,17 +89,17 @@ void SetOriginFeatures() COREWEBVIEW2_ORIGIN_FEATURE_STATE_ENABLED, &enhancedSecuritySetting)); - wil::com_ptr smartScreenSetting; + wil::com_ptr reputationCheckingSetting; CHECK_FAILURE(stagingProfile3->CreateOriginFeatureSetting( - COREWEBVIEW2_ORIGIN_FEATURE_SMART_SCREEN, + COREWEBVIEW2_ORIGIN_FEATURE_REPUTATION_CHECKING, COREWEBVIEW2_ORIGIN_FEATURE_STATE_DISABLED, - &smartScreenSetting)); + &reputationCheckingSetting)); // Set features for origin patterns ICoreWebView2StagingOriginFeatureSetting* features[] = { accentColorSetting.get(), enhancedSecuritySetting.get(), - smartScreenSetting.get() + reputationCheckingSetting.get(), }; LPCWSTR origins[] = { L"https://*.contoso.com" }; @@ -162,7 +162,7 @@ public void SetOriginFeatures() { { CoreWebView2OriginFeature.AccentColor, CoreWebView2OriginFeatureState.Enabled }, { CoreWebView2OriginFeature.EnhancedSecurityMode, CoreWebView2OriginFeatureState.Enabled }, - { CoreWebView2OriginFeature.SmartScreen, CoreWebView2OriginFeatureState.Disabled }, + { CoreWebView2OriginFeature.ReputationChecking, CoreWebView2OriginFeatureState.Disabled }, }; // Set features for origin patterns @@ -212,22 +212,19 @@ typedef enum COREWEBVIEW2_ORIGIN_FEATURE { /// For more information about Enhanced Security Mode, see: /// https://learn.microsoft.com/en-us/microsoft-edge/webview2/concepts/security COREWEBVIEW2_ORIGIN_FEATURE_ENHANCED_SECURITY_MODE, - /// Specifies SmartScreen reputation check settings for the origin. - /// SmartScreen protects users from phishing and malware by checking navigated - /// URLs and downloaded files against a cloud-based reputation service. - /// By default, SmartScreen is enabled for all origins. Setting this feature to - /// `Disabled` for an origin will skip SmartScreen reputation checks for - /// navigations and downloads from that origin, effectively allow-listing it. + /// Specifies per-origin reputation checking settings. + /// Reputation checking protects users from phishing and malware by checking + /// navigated URLs and downloaded files against a cloud-based reputation service. + /// Setting this feature to `Disabled` for an origin will skip reputation + /// checks for navigations and downloads from that origin, effectively + /// allow-listing it. If reputation checking is not configured for an origin, + /// the [IsReputationCheckingRequired](https://learn.microsoft.com/en-us/dotnet/api/microsoft.web.webview2.core.corewebview2settings.isreputationcheckingrequired) + /// setting will apply. /// - /// Warning: Disabling SmartScreen for an origin bypasses phishing and malware - /// reputation checks. Only disable for fully trusted, app-controlled origins - /// where the content is known to be safe. - /// - /// This per-origin configuration only takes effect when SmartScreen is - /// enabled. If SmartScreen is disabled via - /// [IsReputationCheckingRequired](https://learn.microsoft.com/en-us/dotnet/api/microsoft.web.webview2.core.corewebview2settings.isreputationcheckingrequired), - /// this setting has no effect. - COREWEBVIEW2_ORIGIN_FEATURE_SMART_SCREEN, + /// Warning: Disabling reputation checking for an origin bypasses phishing and + /// malware reputation checks. Only disable for fully trusted, app-controlled + /// origins where the content is known to be safe. + COREWEBVIEW2_ORIGIN_FEATURE_REPUTATION_CHECKING, } COREWEBVIEW2_ORIGIN_FEATURE; /// Specifies the state of the origin feature. @@ -258,8 +255,8 @@ interface ICoreWebView2StagingProfile3 : IUnknown { /// Configures one or more feature settings for the specified origins. /// - /// This method applies feature configurations—such as accent color support, - /// enhanced security mode, or SmartScreen reputation checking—to origins. Origins + /// This method applies feature configurations (such as accent color support, + /// enhanced security mode, or reputation checking) to origins. Origins /// may be provided as exact origin strings or as wildcard patterns. /// /// The origin pattern can be an exact origin string or a wildcard pattern. @@ -361,7 +358,7 @@ namespace Microsoft.Web.WebView2.Core { AccentColor = 0, EnhancedSecurityMode = 1, - SmartScreen = 2, + ReputationChecking = 2, }; runtimeclass CoreWebView2OriginFeatureSetting