HTML's registerProtocolHandler() gives a webpage a mechanism to register itself to handle a protocol after a user consents. For example, a web-based email application could register to handle the mailto: scheme. A corresponding unregisterProtocolHandler() API allows a site to abandon its protocol-handling registration.
These two APIs expose a powerful capability (reconfigures client state, subsequently transmits potentially-sensitive data over the network) thus they should only be exposed in secure contexts.