[whatwg] Installed Apps

Drew Wilson atwilson at google.com
Tue Aug 4 11:04:23 PDT 2009


On Tue, Aug 4, 2009 at 10:47 AM, Jeremy Orlow <jorlow at chromium.org> wrote:

>
> Which use case is this related to?  If the shared worker is creating UI
> elements for the page, then composing HTML and sicking it into a div's
> .innerHTML is actually (sadly) the fastest way to go at the moment.  Besides
> that, I can't think of why you'd have some huge tree of information for the
> gmail use case.
>

OK, imagine your inbox. It contains a set of emails organized into
"threads", with various attributes and tags associated with them. Imagine
your contacts, which has a set of individual contact entities, with chat
status information updated dynamically, as well as group information for
subsets of those contacts.

I mean, look at the internals of any modern web app - they have data
structures of a similar complexity to traditional apps. They aren't just
conduits for HTML.


>
>
>> Yeah, I'm somewhat leery of the "canned RSS-feed"-style solution to
>> notifications (our vision for notifications is that they are scriptable and
>> more interactive than just a dumb text + icon).
>>
>
> What if the notification could have embedded links?  If you make them too
> powerful, you'll definitely see spam/ads/phishing/etc showing up in them.
>

For spam/ads,I think the problem is identical whether the ad is static or
not static - the user has to enable notifications from some source, and when
something shows up the user needs to have a way to block it if it's
inappropriate.

Agreed that scripting potentially enables some phishing exploits, depending
on how the user is able to interact with the notification. If the
notification can popup and say "Your gmail credentials have expired - please
enter them here:" and allow you to type into the notification, then that's a
potential phishing exploit. But a scriptable notification with restricted
user interaction (i.e. no keyboard input allowed) would seem to be no more
phish-able than a static notification.

-atw

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090804/8a9f77af/attachment-0001.htm>


More information about the whatwg mailing list