# UnifiedFiler v1.9.9-fix3 Notes

v1.9.9-fix3 adds the Host-facing Preview Provider Extension API.

## Main changes

- Added `PreviewProviderRegistry`.
- Added provider registration APIs to `PreviewService`:
  - `registerProvider(provider)`
  - `registerProviders(providers)`
  - `unregisterProvider(providerId)`
  - `getProviderForEntry(entry, context)`
  - `getProviders(context)`
- Added Host-facing Control APIs:
  - `FileExplorerControl.registerPreviewProvider(provider)`
  - `FileExplorerControl.registerPreviewProviders(providers)`
  - `FileExplorerControl.unregisterPreviewProvider(providerId)`
  - `FileExplorerControl.getPreviewProvider(providerId)`
  - `FileExplorerControl.getPreviewProviders(context)`
  - `FilePickerControl.registerPreviewProvider(provider)`
  - `UnifiedFilerControl.registerPreviewProvider(provider)`
- Host Preview Providers are evaluated before the built-in preview renderers.
- In FileExplorer, Host Preview Providers are evaluated before package preview so Host systems can override native package preview when needed.
- Added a Control Architecture demo provider for `.hcard` files.

## Provider shape

```javascript
control.registerPreviewProvider({
    id: 'unified-model-preview',
    label: 'Unified Model Preview',
    extensions: ['.umdlx'],
    mimeTypes: ['application/vnd.itoolkits.umdlx'],
    priority: 100,
    trustedHtml: true,
    render: function (context) {
        return context.read().then(function (result) {
            return result.data.text();
        }).then(function (text) {
            var model = JSON.parse(text || '{}');
            return {
                html: '<div>' + context.escape(model.title || context.entry.name) + '</div>',
                trustedHtml: true
            };
        });
    }
});
```

## Security note

Providers that return HTML must either escape all user/file content with `context.escape()` or return plain text with `{ text: '...' }`. If `trustedHtml` is not true, provider HTML is rendered as escaped text.
