[whatwg] Suggestion for a Specification: XUL Basic
Ian Hickson
ian at hixie.ch
Thu Jun 10 12:18:23 PDT 2004
On Thu, 10 Jun 2004, Jose Dinuncio wrote:
>
> I think I've understood the reason of our divergences. If I interpret
> you rightly, the problem is that a intranet user is visiting a insecure
> site inside the intranet and a web app pops up and he is fooled to use
> this app.
Right. Where "insecure" doesn't mean it has any way of doing anything
actively hostile, it just fakes the user into entering his credit card
details, for example.
> The scenario I have in mind is another one: you need to do your job
> using several well known web apps in your intranet. You know that the
> CRM apps is at http://mydoamin.com/crm. That's it: navigation vs. app
> delivery.
Oh, I totally understand the requirement.
>> Presentational markup is very bad for accessibility. Whatever language
>> you use, you would want it to be semantic. And luckily we have this
>> semantic language right here and already supported in several
>> browsers... HTML. :-)
> Ok. But if web apps outside the browser are to be implemented, it would
> be necessary a way to attach info to the window (again, menu bar,
> control bar, status bar, close button...)
Yeah, those would just be extensions to HTML in web-apps 1.0.
>> No but it will tell you whether the application is from www.paypal.com
>> or hostile.intranet.example.com, even if the actual content looks
>> identical in both.
>
> Security by browser chrome doesn't seem the way to go.
How would you do it then?
> I'm trying to keep open a path to WAOB. I think this feature can play an
> important role in the future of this project.
I agree.
One possibility would be for the application to be able to "request" WAOB
status, maybe using an attribute or something:
<html application="application">
...and this would pop up a dialog box saying:
:: Security Warning :::::::::::::::::::::::::::::::::::
| |
| The Web page at this domain: |
| |
| paypcl.com |
| |
| ...wishes to launch an application in a separate |
| window. Do you trust this domain? |
| |
| [x] Remember this decision. |
| |
| (( Trust paypcl.com )) ( Display as Web page ) |
| |
'-----------------------------------------------------'
What do people think? Would this solve the problem?
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list