This would only work for webapps on your local machine. Browsers should and would block local and cross domain access for websites.
There’s some ideas for exposing launcher methods through the browser in my proposal over here (SAFEr Browser(s) Proposal - #42 by Krishna).
But the API should be available for websites as part of a standard browser experience. How exactly hasn’t been defined yet. But a RESTful like API should certainly be implemented for websites to gain access, imo. Whether that’s direct to the launcher or passed through a browser layer first also needs to be decided.